[Git][security-tracker-team/security-tracker][master] Add note on CVE-2020-25658 and incorrect fix upstream
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Sep 26 07:59:41 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50adb3c4 by Salvatore Bonaccorso at 2021-09-26T08:58:56+02:00
Add note on CVE-2020-25658 and incorrect fix upstream
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69817,6 +69817,8 @@ CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher tim
[buster] - python-rsa <no-dsa> (Minor issue)
[stretch] - python-rsa <no-dsa> (Minor issue)
NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165
+ NOTE: Presumed fix upstream in 4.7 does not address the issue:
+ NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165#issuecomment-727580521
CVE-2020-25657 (A flaw was found in all released versions of m2crypto, where they are ...)
- m2crypto <unfixed> (bug #975002)
[bullseye] - m2crypto <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50adb3c4e01b3690f9000700170dc7a3bc1a9e81
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50adb3c4e01b3690f9000700170dc7a3bc1a9e81
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210926/83490806/attachment.htm>
More information about the debian-security-tracker-commits
mailing list