[Secure-testing-commits] r52484 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jun 11 15:14:23 UTC 2017
Author: carnil
Date: 2017-06-11 15:14:22 +0000 (Sun, 11 Jun 2017)
New Revision: 52484
Modified:
data/CVE/list
Log:
Update status for CVE-2017-9526
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-11 09:10:13 UTC (rev 52483)
+++ data/CVE/list 2017-06-11 15:14:22 UTC (rev 52484)
@@ -1,8 +1,11 @@
CVE-2017-9526 (In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key ...)
- libgcrypt20 1.7.6-2
- - libgcrypt11 <removed>
+ - libgcrypt11 <not-affected> (Curve Ed25519 signing and verification introduced in 1.6.0)
NOTE: master: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b
NOTE: 1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
+ NOTE: Curve Ed25519 signing and verification inplemented in 1.6.0 with
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
+ NOTE: and following refactorings.
CVE-2017-9524
RESERVED
CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through ...)
More information about the Secure-testing-commits
mailing list