diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-28 20:40:36 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-28 20:45:19 +0100 |
commit | a81bb27318ad48581ed5950387be7c1c2c469051 (patch) | |
tree | 049f001e1238d17948ed340f804f4bd5115c3d59 /data/CVE/2021.list | |
parent | b3c4c631e78be8486cc929b078cf180fc7e61c5b (diff) |
Track CVE-2021-33560 and CVE-2021-40528
This got complex as the initial CVE assignment got swapped later.
Following other distributions we now recitify the old tracking.
This now was really a unnecessary burden, in particular because the
upstream repository commit reference will not swap the CVE in the commit
message, which I would expect can cause some further confusions.
Thus keep as well the notes about the swapping.
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- | data/CVE/2021.list | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index e940f6ace5..cc2ad6df0d 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -8657,7 +8657,7 @@ CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in T NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2 NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 -CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...) +CVE-2021-33560 - libgcrypt20 1.9.4-2 [bullseye] - libgcrypt20 <no-dsa> (Minor issue) [buster] - libgcrypt20 <no-dsa> (Minor issue) @@ -24987,7 +24987,7 @@ CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer NOT-FOR-US: Shopizer CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...) NOT-FOR-US: Shopizer -CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...) +CVE-2021-40528 {DLA-2691-1} - libgcrypt20 1.8.7-6 [buster] - libgcrypt20 1.8.4-5+deb10u1 |