summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2021-11-28 20:40:36 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2021-11-28 20:45:19 +0100
commita04432a7989bed55af2c8d530f5dcb977f0ba757 (patch)
treeca73de1483964f5c406e5e88d18b94379cbb952e
parent333dda10d76c87fec9ad56dc9c003717d7b4d538 (diff)
Track CVE-2021-33560 and CVE-2021-40528
This got complex as the initial CVE assignment got swapped later. Following other distributions we now recitify the old tracking. This now was really a unnecessary burden, in particular because the upstream repository commit reference will not swap the CVE in the commit message, which I would expect can cause some further confusions. Thus keep as well the notes about the swapping.
-rw-r--r--data/CVE/list.20214
-rw-r--r--data/DLA/list2
2 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index e940f6ace5..cc2ad6df0d 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -8657,7 +8657,7 @@ CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in T
NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2
NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
-CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...)
+CVE-2021-33560
- libgcrypt20 1.9.4-2
[bullseye] - libgcrypt20 <no-dsa> (Minor issue)
[buster] - libgcrypt20 <no-dsa> (Minor issue)
@@ -24987,7 +24987,7 @@ CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer
NOT-FOR-US: Shopizer
CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...)
NOT-FOR-US: Shopizer
-CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...)
+CVE-2021-40528
{DLA-2691-1}
- libgcrypt20 1.8.7-6
[buster] - libgcrypt20 1.8.4-5+deb10u1
diff --git a/data/DLA/list b/data/DLA/list
index 911d1fa04d..e65cfc93ef 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -428,7 +428,7 @@
{CVE-2020-26558 CVE-2021-0129}
[stretch] - bluez 5.43-2+deb9u4
[25 Jun 2021] DLA-2691-1 libgcrypt20 - security update
- {CVE-2021-33560}
+ {CVE-2021-40528}
[stretch] - libgcrypt20 1.7.6-2+deb9u4
[22 Jun 2021] DLA-2690-1 linux-4.19 - security update
{CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-26139 CVE-2020-26147 CVE-2020-26558 CVE-2020-29374 CVE-2021-0129 CVE-2021-23133 CVE-2021-23134 CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29647 CVE-2021-29650 CVE-2021-31829 CVE-2021-31916 CVE-2021-32399 CVE-2021-33034 CVE-2021-3483 CVE-2021-3506 CVE-2021-3564 CVE-2021-3573 CVE-2021-38208}

© 2014-2024 Faster IT GmbH | imprint | privacy policy