CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted

To: debian-security-tracker@lists.debian.org
Subject: CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 09 Jan 2025 11:09:47 +1300
Message-id: <[🔎] 5afb5bc2056063fbc752caf27765b6b54cd984d5.camel@samba.org>

libcryptx-perl 0.65 (upstream commit
32f1d210ed6300b8e82f46f1b983f7316aa7eaf9) is the first version to have
the fix for CVE-2019-17362 by my analysis for the bundled libtomcrypt.

It would be awesome for others if the 
https://security-tracker.debian.org/tracker/CVE-2019-17362 page had
this information also.

BTW, What is the right way to then alert the LTS team to allow them to
either apply the patch or mark it as wont-fix?

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

Reply to:

Follow-Ups:
- Re: CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: External check
Next by Date: Re: CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted
Previous by thread: External check
Next by thread: Re: CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted
Index(es):
- Date
- Thread