[Git][security-tracker-team/security-tracker][master] Track fixed version for three openssl CVEs fixed via unstable

Salvatore Bonaccorso (@carnil) Sat, 03 Feb 2024 10:15:28 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2bf434b1 by Salvatore Bonaccorso at 2024-02-03T19:14:51+01:00
Track fixed version for three openssl CVEs fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1625,7 +1625,7 @@ CVE-2023-33757 (A lack of SSL certificate validation in 
Splicecom iPCS (iOS App)
 CVE-2024-0822 (An authentication bypass vulnerability was found in 
overt-engine. This ...)
        NOT-FOR-US: ovirt-engine
 CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file 
may lead ...)
-       - openssl <unfixed> (bug #1061582)
+       - openssl 3.1.5-1 (bug #1061582)
        [bookworm] - openssl <no-dsa> (Minor issue)
        [bullseye] - openssl <no-dsa> (Minor issue)
        [buster] - openssl <postponed> (Minor issue, DoS, Low severity)
@@ -3701,7 +3701,7 @@ CVE-2023-42135 (PAX A920Pro/A50 devices with 
PayDroid_8.1.0_Sagittarius_V11.1.50
 CVE-2023-42134 (PAX Android based POS devices with 
PayDroid_8.1.0_Sagittarius_V11.1.45 ...)
        NOT-FOR-US: PAX devices
 CVE-2023-6237 [openssl: Checking excessively long invalid RSA public keys may 
take a long time]
-       - openssl <unfixed> (bug #1060858)
+       - openssl 3.1.5-1 (bug #1060858)
        [bookworm] - openssl <no-dsa> (Minor issue)
        [bullseye] - openssl <not-affected> (Only affects 3.x)
        [buster] - openssl <not-affected> (Only affects 3.x)
@@ -7751,7 +7751,7 @@ CVE-2023-6546 (A race condition was found in the GSM 0710 
tty multiplexor in the
 CVE-2023-6145 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Istanbul Soft Informatics and Consultancy Limited Company 
Softomi Advanced C2C Marketplace Software
 CVE-2023-6129 (Issue summary: The POLY1305 MAC (message authentication code) 
implemen ...)
-       - openssl <unfixed> (bug #1060347)
+       - openssl 3.1.5-1 (bug #1060347)
        [bookworm] - openssl <no-dsa> (Minor issue; can be fixed later along 
with other issues)
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        [buster] - openssl <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bf434b1ce7d824cb9f92a685eca951dfa6977d6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bf434b1ce7d824cb9f92a685eca951dfa6977d6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track fixed version for three openssl CVEs fixed via unstable

Reply via email to