Skip to content
Commits on Source (3)
Show whitespace changes
Inline Side-by-side
data/CVE/list
View file @ 4880f3ef
......@@ -854,11 +854,12 @@ CVE-2018-6830
CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...)
- libgcrypt20 <unfixed>
- libgcrypt11 <removed>
- gnupg1 <unfixed>
- gnupg <removed>
- gnupg1 <not-affected>
- gnupg <not-affected>
NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
NOTE: GnuPG uses elgamal in hybrid mode so it is not affected
CVE-2018-6828
RESERVED
CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates ...)
......@@ -1607,6 +1608,7 @@ CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases
- golang-1.7 <unfixed>
- golang <removed>
NOTE: https://github.com/golang/go/issues/23672
NOTE: similar to CVE-2017-15041, which was fixed in wheezy, but no-dsa in jessie and ignored in stretch
CVE-2018-6573
RESERVED
CVE-2018-6572
data/dla-needed.txt
View file @ 4880f3ef
......@@ -25,6 +25,8 @@ gcc-4.7 (Roberto C. Sánchez)
NOTE: Backport the retpoline support for spectre mitigation.
NOTE: Do we want/need it on this gcc version as well?
--
golang
--
icu (Thorsten Alteholz)
NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in Chromium project; report is not visible to the public
--
......@@ -43,6 +45,12 @@ libav (Hugo Lefeuvre)
NOTE: I am currently working on CVE triage but I will not be able to process the whole backlog until May.
NOTE: Help is welcome, feel free to mail Hugo.
--
leptonlib
NOTE: #885704 fix is incomplete and may require a CVE
NOTE: see also https://lists.debian.org/1518730488.2617.129.camel@decadent.org.uk
--
libgcrypt11
--
libmad (Kurt Roeckx)
--
libreoffice
......