[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Annotate CVE-2018-6594
Brian May
bam at debian.org
Tue Apr 10 08:03:40 BST 2018
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd006adc by Brian May at 2018-04-10T17:02:13+10:00
Annotate CVE-2018-6594
* Mark no-dsa in wheezy.
* Add comment about why this isn't being fixed upstream.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8659,11 +8659,14 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generat
- python-crypto <unfixed> (bug #889999)
[stretch] - python-crypto <no-dsa> (Minor issue)
[jessie] - python-crypto <no-dsa> (Minor issue)
+ [wheezy] - python-crypto <no-dsa> (Minor issue)
NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253
NOTE: The issue is found as well in pycryptodome (fork from python-crypto)
NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90
NOTE: PyCrytpodome: https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8 (3.4.10)
NOTE: See further discussion as per https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537
+ NOTE: Upstream feels that this is not a vulnerability in pycryptodome/python-crypto,
+ NOTE: but in an application using it in an insecure manner.
CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
NOT-FOR-US: MalwareFox AntiMalware
CVE-2018-6592 (Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd006adcdd7c86fc658b4efabf17327a7e8100d6
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd006adcdd7c86fc658b4efabf17327a7e8100d6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180410/1d4fc1a6/attachment.html>
More information about the debian-security-tracker-commits
mailing list