[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-1000613,bouncycastle: Jessie is not affected

Markus Koschany apo at debian.org
Tue Jul 17 21:25:27 BST 2018 

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2d71d08 by Markus Koschany at 2018-07-17T22:23:40+02:00
CVE-2018-1000613,bouncycastle: Jessie is not affected

The XMSS/XMSS^MT algorithms were first introduced in BC >= 1.57.

- - - - -
14cabe44 by Markus Koschany at 2018-07-17T22:24:34+02:00
Remove bouncycastle from dla-needed.txt.

- - - - -
b6db7023 by Markus Koschany at 2018-07-17T22:25:12+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1317,6 +1317,7 @@ CVE-2018-1000614 (ONOS ONOS Controller version 1.13.1 and earlier contains a XML
 CVE-2018-1000613 (Legion of the Bouncy Castle Legion of the Bouncy Castle Java ...)
 	- bouncycastle 1.60-1 (low)
 	[stretch] - bouncycastle <no-dsa> (Minor issue)
+	[jessie] - bouncycastle <not-affected> (XMSS/XMSS^MT algorithms were first introduced in BC >= 1.57)
 	NOTE: https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574
 	NOTE: https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc
 CVE-2018-1000611 (SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross ...)


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -19,8 +19,6 @@ ant (Abhijith PA)
 --
 blender
 --
-bouncycastle (Markus Koschany)
---
 busybox (Markus Koschany)
   NOTE: Update is ready and will be uploaded at the end of July when my updated
   NOTE: GPG key has been pushed to the keyring.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6e9cb130a1d046eec26b442c29d6b21b69bab837...b6db702345669673a81206f9e6af89a5a8c5d7fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6e9cb130a1d046eec26b442c29d6b21b69bab837...b6db702345669673a81206f9e6af89a5a8c5d7fa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180717/2d668cdb/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list