[Git][security-tracker-team/security-tracker][master] Add new CVE-2019-14853 and CVE-2019-14859 for python-ecdsa

Salvatore Bonaccorso carnil at debian.org
Sat Oct 12 08:47:51 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4adfc16 by Salvatore Bonaccorso at 2019-10-12T07:45:13Z
Add new CVE-2019-14853 and CVE-2019-14859 for python-ecdsa

Needs to be checked on the exact commits for each in case fixes want to
be backported.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7309,8 +7309,14 @@ CVE-2019-14861
 	RESERVED
 CVE-2019-14860
 	RESERVED
-CVE-2019-14859
+CVE-2019-14859 [DER encoding is not being verified in signatures]
 	RESERVED
+	- python-ecdsa 0.13.3-1
+	NOTE: https://github.com/warner/python-ecdsa/issues/114
+	NOTE: Upstream patches:
+	NOTE: https://github.com/warner/python-ecdsa/pull/115
+	NOTE: https://github.com/warner/python-ecdsa/pull/124
+	NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859.
 CVE-2019-14858 [sub parameters marked as no_log are not masked in certain failure scenarios]
 	RESERVED
 	- ansible <undetermined>
@@ -7330,6 +7336,12 @@ CVE-2019-14854
 	NOT-FOR-US: OpenShift
 CVE-2019-14853
 	RESERVED
+	- python-ecdsa 0.13.3-1
+	NOTE: https://github.com/warner/python-ecdsa/issues/114
+	NOTE: Upstream patches:
+	NOTE: https://github.com/warner/python-ecdsa/pull/115
+	NOTE: https://github.com/warner/python-ecdsa/pull/124
+	NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859.
 CVE-2019-14852
 	RESERVED
 CVE-2019-14851 [assertion failure by issuing commands in the wrong order]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4adfc1684715ff3f01704e7adba741c493f10be

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4adfc1684715ff3f01704e7adba741c493f10be
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191012/918dcda0/attachment.html>

More information about the debian-security-tracker-commits mailing list