[Git][security-tracker-team/security-tracker][master] 2 commits: Slightly rewrap one long line NOTE
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 26 20:43:12 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6b6e89c by Salvatore Bonaccorso at 2021-05-26T21:23:41+02:00
Slightly rewrap one long line NOTE
- - - - -
905d1ac3 by Salvatore Bonaccorso at 2021-05-26T21:42:46+02:00
Add CVE-2020-26558/linux
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8097,7 +8097,9 @@ CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS
NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890
NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/cc32cd2e95b18a0c0118bbf1928327675c9e64a9 (v3.0 / RSA::SIGNATURE_RELAXED_PKCS1)
NOTE: According to upstream, 1.x and 2.x are not vulnerable, the fix on these branches only backports more exhaustive PKCS#1 v1.5 support (functional change)
- NOTE: According to upstream, 1.x and 2.x have the problem described as "incompatibility issue in phpseclib v1, v2, v3 (strict mode)'s RSA PKCS#1 v1.5 signature verification suffering from rejecting valid signatures whose encoded message uses implicit hash algorithm's NULL parameter." but this is not considered as a security problem.
+ NOTE: According to upstream, 1.x and 2.x have the problem described as "incompatibility issue in phpseclib v1, v2, v3 (strict mode)'s RSA PKCS#1 v1.5
+ NOTE: signature verification suffering from rejecting valid signatures whose encoded message uses implicit hash algorithm's NULL parameter." but
+ NOTE: this is not considered as a security problem.
CVE-2021-30129
RESERVED
CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version ...)
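Review bot: The three added NOTE lines for CVE-2021-30130 break inside the quoted upstream sentence ("... RSA PKCS#1 v1.5" / "signature verification ..."). A single-line search for the quoted text no longer matches, and none of the three lines reads on its own. Consider placing the breaks before the opening quote and after the closing quote, or shortening the quote. The unchanged NOTE just above already states that 1.x and 2.x are not vulnerable, so the two statements could also be merged into one.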
@@ -47167,7 +47169,10 @@ CVE-2020-26560 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 an
CVE-2020-26559 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ...)
TODO: check
CVE-2020-26558 (Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification ...)
- TODO: check
+ - linux <unfixed>
+ NOTE: https://kb.cert.org/vuls/id/799380
+ NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1918602
CVE-2020-26557 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...)
TODO: check
CVE-2020-26556 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...)
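Review bot: The added "- linux <unfixed>" entry for CVE-2020-26558 is followed by three reference NOTEs, but none of them records why linux is the source package being tracked or what the expected fix is. The CVE description refers to the Bluetooth Core Specification, so a short NOTE stating the scope of the check would help whoever revisits the entry, as would the upstream fix commit once it is known. The neighbouring Bluetooth entries in this hunk remain at "TODO: check".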
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f363294b0d4e54a23a7fd457a19ce28b2a653068...905d1ac30d1e6c4006990f3014dde1894996fab0