[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: triage ipython as ignored in wheezy instead of just no-dsa
Antoine Beaupré
anarcat at debian.org
Wed Apr 11 21:21:35 BST 2018
Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0d312af by Antoine Beaupré at 2018-04-11T16:19:56-04:00
triage ipython as ignored in wheezy instead of just no-dsa
we do not need to look back into that so use the more standard
approach to fixing this.
- - - - -
0e4f8bf1 by Antoine Beaupré at 2018-04-11T16:19:57-04:00
triage libgcrypt out of lts
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3094,7 +3094,7 @@ CVE-2017-18239 (A time-sensitive equality check on the JWT signature in the ...)
CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file ...)
- jupyter-notebook 5.4.1-1 (bug #893436)
- ipython 5.1.0-2
- [wheezy] - ipython <no-dsa> (requires implementation of sanitization first, see NOTES)
+ [wheezy] - ipython <ignored> (Too invasive to fix)
NOTE: After the reupload of ipython to Debian as 4.1.2-1 via experimental
NOTE: src:ipython does not provide anymore the Notebook
NOTE: http://www.openwall.com/lists/oss-security/2018/03/15/2
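Review bot: On the changed [wheezy] line, the new reason "(Too invasive to fix)" drops the concrete blocker that the old text recorded ("requires implementation of sanitization first, see NOTES"). Consider keeping both, for example "[wheezy] - ipython <ignored> (Too invasive to fix, requires implementation of sanitization first)", so that a later reader of data/CVE/list can see why the fix was judged invasive without going back through the history.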
@@ -8288,6 +8288,7 @@ CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt
- libgcrypt11 <removed> (unimportant)
- gnupg1 <unfixed> (unimportant)
- gnupg <removed> (unimportant)
+ [wheezy] libgcrypt <no-dsa> (unimportant)
NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
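Review bot: The added line "[wheezy] libgcrypt <no-dsa> (unimportant)" does not follow the release-annotation form used elsewhere in this file: the ipython entry in the previous hunk is written "[wheezy] - ipython <ignored> (...)", with "- " before the package name. The package name also differs from the "libgcrypt11" entry two lines above and from the "libgcrypt11" item removed from data/dla-needed.txt in the same commit. Suggest "[wheezy] - libgcrypt11 <no-dsa> (...)" with an actual reason in the parentheses, since "(unimportant)" on the neighbouring lines is attached to <removed> and <unfixed> states rather than used as a no-dsa justification.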
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -52,8 +52,6 @@ libav (Hugo Lefeuvre)
NOTE: I am currently working on CVE triage but I will not be able to process the whole backlog until May.
NOTE: Help is welcome, feel free to mail Hugo.
--
-libgcrypt11
---
libmad (Kurt Roeckx)
--
libraw
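Review bot: The removal of libgcrypt11 from dla-needed.txt is documented only by the one-line subject "triage libgcrypt out of lts"; unlike the ipython commit there is no body, and the CVE is not named. Mention CVE-2018-6829 in the commit message so that this removal can be traced to the matching triage entry in data/CVE/list.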
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3a3e2c2844f1164ba8e611ef91d7d248b872e33f...0e4f8bf1085ccfaf8f0ce2bc81e80a1d002aa4ba