[Git][security-tracker-team/security-tracker][master] mark gnupg1 as unimportant

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Apr 24 22:02:58 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19fcbd79 by Moritz Muehlenhoff at 2023-04-24T23:02:30+02:00
mark gnupg1 as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -273843,11 +273843,7 @@ CVE-2019-14855 (A flaw was found in the way certificate signatures could be forg
 	[buster] - gnupg2 <ignored> (Minor issue)
 	[stretch] - gnupg2 <no-dsa> (Minor issue)
 	[jessie] - gnupg2 <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things)
-	- gnupg1 <unfixed> (low)
-	[bookworm] - gnupg1 <ignored> (Minor issue)
-	[bullseye] - gnupg1 <ignored> (Minor issue)
-	[buster] - gnupg1 <ignored> (Minor issue)
-	[stretch] - gnupg1 <no-dsa> (Minor issue)
+	- gnupg1 <unfixed> (unimportant)
 	- gnupg <removed> (low)
 	[jessie] - gnupg <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things)
 	NOTE: https://dev.gnupg.org/T4755
@@ -273855,6 +273851,7 @@ CVE-2019-14855 (A flaw was found in the way certificate signatures could be forg
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=7d9aad63c4f1aefe97da61baf5acd96c12c0278e
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dd18be979e138dd3712315ee390463e8ee1fe8c1
 	NOTE: https://eprint.iacr.org/2020/014.pdf
+	NOTE: Negligible security impact for gnupg1 which is only provided to decrypt legacy secrets
 CVE-2019-14854 (OpenShift Container Platform 4 does not sanitize secret data written t ...)
 	NOT-FOR-US: OpenShift
 CVE-2019-14853 (An error-handling flaw was found in python-ecdsa before version 0.13.3 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19fcbd79fc2331d7cbad6ab1907e11d919f80a9c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19fcbd79fc2331d7cbad6ab1907e11d919f80a9c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230424/a66a01fc/attachment.htm>

More information about the debian-security-tracker-commits mailing list