Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a86514bc by Sylvain Beucler at 2019-07-07T11:06:35Z
CVE-2019-11841/golang-go.crypto: jessie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3800,6 +3800,9 @@ CVE-2019-11843
CVE-2019-11841 (A message-forgery issue was discovered in
crypto/openpgp/clearsign/cle ...)
- golang-go.crypto <unfixed>
NOTE:
https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
+ NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text")
+ NOTE: but not the first ("ignores the value of [the Hash] header"), as
hinted at reporter's 2019-05-09 note:
+ NOTE:
https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
CVE-2019-11840 (An issue was discovered in supplementary Go cryptography
libraries, ak ...)
{DLA-1840-1}
- golang-go.crypto <unfixed>
=====================================
data/dla-needed.txt
=====================================
@@ -32,6 +32,8 @@ freeimage
glib2.0 (Mike Gabriel)
NOTE: 20190626: https://lists.debian.org/debian-lts/2019/06/msg00031.html
--
+golang-go.crypto
+--
hdf5
NOTE: 20190511: upstream was not aware of our undetermined issues. They have
assigned
NOTE: a Jira issue for this: https://jira.hdfgroup.org/browse/HDFFV-10755
(hle)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a86514bc61e9d6901113936292eac5e6784f9c7a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a86514bc61e9d6901113936292eac5e6784f9c7a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
