[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2018-1084{4,5}/gnutls28 as no-dsa for stretch

Salvatore Bonaccorso carnil at debian.org
Sat Oct 6 14:06:44 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7494819 by Salvatore Bonaccorso at 2018-10-06T13:05:09Z
Mark CVE-2018-1084{4,5}/gnutls28 as no-dsa for stretch

- - - - -
abb6a39e by Salvatore Bonaccorso at 2018-10-06T13:06:20Z
Record proposed fixes for gnutls28 via stretch-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18054,6 +18054,7 @@ CVE-2018-10846 (A cache-based side channel in GnuTLS implementation that leads t
 	NOTE: https://eprint.iacr.org/2018/747
 CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 was ...)
 	- gnutls28 3.5.19-1
+	[stretch] - gnutls28 <no-dsa> (Will be fixed via pu)
 	- gnutls26 <removed>
 	NOTE: https://gitlab.com/gnutls/gnutls/issues/455
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/cc14ec5ece856cb083d64e6a5a8657323da661cb (master)
@@ -18062,6 +18063,7 @@ CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 was
 	NOTE: https://eprint.iacr.org/2018/747
 CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 was ...)
 	- gnutls28 3.5.19-1
+	[stretch] - gnutls28 <no-dsa> (Will be fixed via pu)
 	- gnutls26 <removed>
 	NOTE: https://gitlab.com/gnutls/gnutls/issues/456
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/29ffa2a1fa4cc396c5d1563a3e5cdca0174de28b (master)


=====================================
data/next-point-update.txt
=====================================
@@ -88,3 +88,7 @@ CVE-2018-5711
 	[stretch] - libgd2 2.2.4-2+deb9u3
 CVE-2018-1000222
 	[stretch] - libgd2 2.2.4-2+deb9u3
+CVE-2018-10844
+	[stretch] - gnutls28 3.5.8-5+deb9u4)
+CVE-2018-10845
+	[stretch] - gnutls28 3.5.8-5+deb9u4)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/432e9cb2e21cb3425e36f3f46978c80d6a70eedc...abb6a39e8372fa1a5078692244557946dc5f8197

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/432e9cb2e21cb3425e36f3f46978c80d6a70eedc...abb6a39e8372fa1a5078692244557946dc5f8197
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181006/71b5e882/attachment.html>

More information about the debian-security-tracker-commits mailing list