[Git][security-tracker-team/security-tracker][master] Add CVE-2018-15560/pycryptodome
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 23 22:21:20 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2906bf0f by Salvatore Bonaccorso at 2018-08-23T21:20:31Z
Add CVE-2018-15560/pycryptodome
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -618,7 +618,10 @@ CVE-2018-15562
CVE-2018-15561
RESERVED
CVE-2018-15560 (PyCryptodome before 3.6.6 has an integer overflow in the data_len ...)
- TODO: check
+ - pycryptodome <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/Legrandin/pycryptodome/issues/198
+ NOTE: Introduced by: https://github.com/Legrandin/pycryptodome/commit/e1c7272f732abf3f2e2ea1326444ccbd339d17f2 (3.6.2)
+ NOTE: Fixed by: https://github.com/Legrandin/pycryptodome/commit/d1739c62b9b845f8a5b342de08d6bf6e2722d247 (3.6.6)
CVE-2018-15559 (The editor in Xiuno BBS 4.0.4 allows stored XSS. ...)
NOT-FOR-US: Xiuno BBS
CVE-2018-15558
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2906bf0f5308ffecaa6dec47ffac95547b965a52
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2906bf0f5308ffecaa6dec47ffac95547b965a52
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180823/ba6b080b/attachment.html>
More information about the debian-security-tracker-commits
mailing list