[Secure-testing-commits] r56321 - in data: . CVE
Guido Guenther
agx at moszumanska.debian.org
Sun Oct 1 17:25:22 UTC 2017
Author: agx
Date: 2017-10-01 17:25:22 +0000 (Sun, 01 Oct 2017)
New Revision: 56321
Modified:
data/CVE/list
data/dla-needed.txt
Log:
lts: triage botan1.10
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-01 11:25:12 UTC (rev 56320)
+++ data/CVE/list 2017-10-01 17:25:22 UTC (rev 56321)
@@ -544,6 +544,8 @@
CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...)
- botan1.10 <unfixed>
NOTE: https://github.com/randombit/botan/issues/1222
+ NOTE: for 1.10: https://github.com/randombit/botan/commit/aeb87170d1b9013b079c300c8858bad477d30bd4
+ NOTE: for 2.x: https://github.com/randombit/botan/commit/95df7f155570949837e8e28e733f3d59408092da
CVE-2017-14736
RESERVED
CVE-2017-14735 (OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as ...)
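Review bot: The two added NOTE lines under CVE-2017-14737 point at fixing commits for both 1.10 and 2.x, but the only package line in the entry is "- botan1.10 <unfixed>". If a source package carrying the 2.x series is in the archive, it needs its own status line so the 2.x commit reference maps to something trackable. It would also help to record which upstream release first contains each commit, so the <unfixed> marker can later be replaced by a version without re-reading the upstream issue.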
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-10-01 11:25:12 UTC (rev 56320)
+++ data/dla-needed.txt 2017-10-01 17:25:22 UTC (rev 56321)
@@ -12,6 +12,8 @@
--
asterisk (Markus Koschany)
--
+botan1.10
+--
ca-certificates
NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155c5a@pbandjelly.org
--
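Review bot: The new botan1.10 entry in dla-needed.txt carries no NOTE, unlike the ca-certificates entry right after it. A single line naming CVE-2017-14737 and the 1.10 backport commit recorded in data/CVE/list in this same revision would tell whoever claims the package why it was added and where the fix is, without a second lookup.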
@@ -62,6 +64,8 @@
--
libvorbis (Guido Günther)
NOTE: 20170829: no fix available yet
+ NOTE: asked for reproducers for CVE-2017-14160 and CVE-2017-14633 on
+ NOTE: gitlab and vendor-sec
--
libxml-libxml-perl
NOTE: 20170702: no upstream fix yet, so no need to bother maintainer yet, sent email later
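Review bot: The two NOTE lines added under libvorbis lack the date prefix used by the neighbouring notes ("NOTE: 20170829: ...", "NOTE: 20170702: ..."), so a later reader cannot tell when the reproducers were requested. Suggest prefixing with 20171001 to match the commit date. "gitlab and vendor-sec" is also not actionable as written; a link to the issue where the request was filed would let the next person check for a reply.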