[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update status for CVE-2018-6829/{gnupg, gnupg1}

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
205e8413 by Salvatore Bonaccorso at 2018-02-16T21:30:36+01:00
Update status for CVE-2018-6829/{gnupg,gnupg1}

The libgcrypt implementation in gnupg1/gnupg would still be affected but
the GnuPG not using ElGamal for directly encrypting messages. As such
mark with severity unimportant.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -854,12 +854,12 @@ CVE-2018-6830
 CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...)
 	- libgcrypt20 <unfixed>
 	- libgcrypt11 <removed>
-	- gnupg1 <not-affected>
-	- gnupg <not-affected>
+	- gnupg1 <unfixed> (unimportant)
+	- gnupg <removed> (unimportant)
 	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
 	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
 	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
-	NOTE: GnuPG uses elgamal in hybrid mode so it is not affected
+	NOTE: GnuPG uses ElGamal in hybrid mode only.
 CVE-2018-6828
 	RESERVED
 CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/205e8413b32ec945f73cba1c06586c4cc23a00c5

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/205e8413b32ec945f73cba1c06586c4cc23a00c5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180216/b24327a8/attachment.html>