Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e365299f by Sylvain Beucler at 2023-06-03T17:08:35+02:00
CVE-2022-4304,CVE-2023-0465/openssl: reference additional fixes based on
DSA-5417-1
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23234,8 +23234,12 @@ CVE-2023-0465 (Applications that use a non-default
option when verifying certifi
- openssl 3.0.9-1 (bug #1034720)
[buster] - openssl <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20230328.txt
- NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
(openssl-3.0)
- NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95
(OpenSSL_1_1_1-stable)
+ NOTE: Fixed by:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
(openssl-3.0.9)
+ NOTE: Test:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d2f0d05807fc70c68dcc22bcc6979147782d4adf
(openssl-3.0.9)
+ NOTE: Test:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=dda529ecc2d085488eef60235ef553dc5fd6e6dc
(openssl-3.0.9)
+ NOTE: Fixed by:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95
(OpenSSL_1_1_1-stable)
+ NOTE: Test:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f675d164e5d9648c3537a0f5efe1cc2fd232b4a9
(OpenSSL_1_1_1-stable)
+ NOTE: Test:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23a4cbeb3ad80da3830f760f624599f24236bc38
(OpenSSL_1_1_1-stable)
CVE-2023-0464 (A security vulnerability has been identified in all supported
versions ...)
{DSA-5417-1}
- openssl 3.0.9-1 (bug #1034720)
@@ -36157,8 +36161,11 @@ CVE-2022-4304 (A timing based side channel exists in
the OpenSSL RSA Decryption
{DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
- NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d
(openssl-3.0.8)
- NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f
(OpenSSL_1_1_1t)
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d
(openssl-3.0.8) (reverted in 908eaceb62624f5b5c505b286d904bd3a4e8a64a)
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a00d757d9ca212994625d1a02c81cc5edd27e13b
(openssl-3.0.9)
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f
(OpenSSL_1_1_1t) (reverted in 0372649a943fb23f7f08c7acdbc01464b9df03f0)
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3f499b24f3bcd66db022074f7e8b4f6ee266a3ae
(OpenSSL_1_1_1t)
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8daa2616bbe6f7994e0cdd796d3280118c51d8d8
(OpenSSL_1_1_1t)
CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4
prioritizes ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes
user inpu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e365299f1e68345aeeede0f4ec83c9ba739aa09f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e365299f1e68345aeeede0f4ec83c9ba739aa09f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
