Log

AVG-886 edited at 13 Oct 2019 15:25:05
Fixed
- 4.0.10-2
CVE-2019-14318 edited at 13 Oct 2019 14:33:25
References
https://seclists.org/oss-sec/2019/q4/3
https://minerva.crocs.fi.muni.cz/
+ https://github.com/weidai11/cryptopp/issues/869
+ https://github.com/weidai11/cryptopp/pull/870/commits/80c59bcdb251043f27eef95a4f31224c4615c3ec
+ https://github.com/weidai11/cryptopp/commit/c9ef9420e762
AVG-1046 created at 13 Oct 2019 14:31:28
Packages
+ crypto++
Issues
+ CVE-2019-14318
Status
+ Vulnerable
Severity
+ High
Affected
+ 8.2.0-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2019-14318 created at 13 Oct 2019 14:31:05
Severity
+ High
Remote
+ Remote
Type
+ Private key recovery
Description
+ A vulnerability has been found in the ECDSA/EdDSA implementation of crypto++ up to 8.2.0, allowing for practical recovery of the long-term private key.
References
+ https://seclists.org/oss-sec/2019/q4/3
+ https://minerva.crocs.fi.muni.cz/
Notes
AVG-1045 created at 13 Oct 2019 14:29:47
Packages
+ lib32-libgcrypt
Issues
+ CVE-2019-13627
Status
+ Fixed
Severity
+ High
Affected
+ 1.8.4-1
Fixed
+ 1.8.5-1
Ticket
Advisory qualified
+ No
References
Notes
AVG-1044 created at 13 Oct 2019 14:28:58
Packages
+ libgcrypt
Issues
+ CVE-2019-13627
Status
+ Fixed
Severity
+ High
Affected
+ 1.8.4-1
Fixed
+ 1.8.5-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2019-13627 created at 13 Oct 2019 14:27:58
Severity
+ High
Remote
+ Remote
Type
+ Private key recovery
Description
+ A vulnerability has been found in the ECDSA/EdDSA implementation of libgcrypt up to 1.8.4, allowing for practical recovery of the long-term private key.
References
+ https://seclists.org/oss-sec/2019/q4/3
+ https://minerva.crocs.fi.muni.cz/
Notes
AVG-1029 edited at 13 Oct 2019 14:24:05
Affected
- 14.2.1-1
+ 14.2.1-2
ASA-201910-8 edited at 11 Oct 2019 21:09:50
ASA-201910-7 edited at 11 Oct 2019 21:09:46