[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Drop pyopenssl after further investigation.
Chris Lamb
lamby at debian.org
Fri Oct 12 16:49:05 BST 2018
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17dab33a by Chris Lamb at 2018-10-12T15:48:44Z
data/dla-needed.txt: Drop pyopenssl after further investigation.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -634,10 +634,12 @@ CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper Inp
CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0 ...)
- pyopenssl 17.5.0-1 (low)
[stretch] - pyopenssl <no-dsa> (Minor issue)
+ [wheezy] - pyopenssl <no-dsa> (Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method)
NOTE: https://github.com/pyca/pyopenssl/pull/723
NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version ...)
- pyopenssl 17.5.0-1
+ [wheezy] - pyopenssl <no-dsa> (Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method)
NOTE: https://github.com/pyca/pyopenssl/pull/723
NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 ...)
=====================================
data/dla-needed.txt
=====================================
@@ -66,8 +66,6 @@ poppler
NOTE: 20180928: Consider fixing no-dsa/ignored bugs as well since this is
NOTE: 20180928: frequently used package.
--
-pyopenssl (Chris Lamb)
---
salt
NOTE: 20180921: CVE-2017-7893 is not crucial since the managed system must be
NOTE: 20180921: compromised first. But the security escalation effect can cause
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/17dab33a7ab383cb7b60ce0a04abbb0720a7ab24
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/17dab33a7ab383cb7b60ce0a04abbb0720a7ab24
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181012/c2523e75/attachment.html>
More information about the debian-security-tracker-commits
mailing list