Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: e365299f by Sylvain Beucler at 2023-06-03T17:08:35+02:00 CVE-2022-4304,CVE-2023-0465/openssl: reference additional fixes based on DSA-5417-1 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -23234,8 +23234,12 @@ CVE-2023-0465 (Applications that use a non-default option when verifying certifi - openssl 3.0.9-1 (bug #1034720) [buster] - openssl <no-dsa> (Minor issue) NOTE: https://www.openssl.org/news/secadv/20230328.txt - NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0) - NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 (OpenSSL_1_1_1-stable) + NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0.9) + NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d2f0d05807fc70c68dcc22bcc6979147782d4adf (openssl-3.0.9) + NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=dda529ecc2d085488eef60235ef553dc5fd6e6dc (openssl-3.0.9) + NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 (OpenSSL_1_1_1-stable) + NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f675d164e5d9648c3537a0f5efe1cc2fd232b4a9 (OpenSSL_1_1_1-stable) + NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23a4cbeb3ad80da3830f760f624599f24236bc38 (OpenSSL_1_1_1-stable) CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...) {DSA-5417-1} - openssl 3.0.9-1 (bug #1034720) @@ -36157,8 +36161,11 @@ CVE-2022-4304 (A timing based side channel exists in the OpenSSL RSA Decryption {DSA-5343-1 DLA-3325-1} - openssl 3.0.8-1 NOTE: https://www.openssl.org/news/secadv/20230207.txt - NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8) - NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f (OpenSSL_1_1_1t) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8) (reverted in 908eaceb62624f5b5c505b286d904bd3a4e8a64a) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a00d757d9ca212994625d1a02c81cc5edd27e13b (openssl-3.0.9) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f (OpenSSL_1_1_1t) (reverted in 0372649a943fb23f7f08c7acdbc01464b9df03f0) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3f499b24f3bcd66db022074f7e8b4f6ee266a3ae (OpenSSL_1_1_1t) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8daa2616bbe6f7994e0cdd796d3280118c51d8d8 (OpenSSL_1_1_1t) CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes ...) NOT-FOR-US: WordPress plugin CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e365299f1e68345aeeede0f4ec83c9ba739aa09f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e365299f1e68345aeeede0f4ec83c9ba739aa09f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits