[Git][security-tracker-team/security-tracker][master] Add CVE-2019-6690/python-gnupg

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c05f5a5 by Salvatore Bonaccorso at 2019-01-31T07:42:18Z
Add CVE-2019-6690/python-gnupg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1156,8 +1156,12 @@ CVE-2019-6692
 	RESERVED
 CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the ...)
 	NOT-FOR-US: phpwind
-CVE-2019-6690
+CVE-2019-6690 [improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt()]
 	RESERVED
+	- python-gnupg 0.4.4-1
+	NOTE: https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
+	NOTE: https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
+	NOTE: https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
 CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web framework ...)
 	NOT-FOR-US: Jenkins
 CVE-2019-6689



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c05f5a530cdd6b1252c4f82cc6749e275c43c5b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c05f5a530cdd6b1252c4f82cc6749e275c43c5b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190131/0f07e9ee/attachment.html>