[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2019-12904 for libgcrypt as not-affected in jessie

Thorsten Alteholz alteholz at debian.org
Sat Jun 29 22:55:42 BST 2019 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43cf9ee6 by Thorsten Alteholz at 2019-06-29T21:48:21Z
mark CVE-2019-12904 for libgcrypt as not-affected in jessie

- - - - -
0046b19c by Thorsten Alteholz at 2019-06-29T21:48:51Z
libgcrypt is not affected in jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -347,6 +347,7 @@ CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the ?module=fi
 CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flu ...)
 	- libgcrypt20 <unfixed> (bug #930885)
 	- libgcrypt11 <removed>
+	[jessie] - libgcrypt20 <not-affected> (Vulnerable code introduced later in version 1.7.0)
 	NOTE: https://dev.gnupg.org/T4541
 	NOTE: https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
 	NOTE: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762


=====================================
data/dla-needed.txt
=====================================
@@ -57,8 +57,6 @@ libav
   NOTE: 20190529: has been found, so far. If you pick libav, be prepared to work
   NOTE: 20190529: out patches yourself.
 --
-libgcrypt20 (Thorsten Alteholz)
---
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at them.
   NOTE: triage work needed, help security team for fixes if needed.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd484a964f2f92b31ed89bc2f739621ff7380d0b...0046b19c933f73a1a7240b72933d3e347e9976db

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd484a964f2f92b31ed89bc2f739621ff7380d0b...0046b19c933f73a1a7240b72933d3e347e9976db
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190629/ae841098/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list