Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2bf434b1 by Salvatore Bonaccorso at 2024-02-03T19:14:51+01:00 Track fixed version for three openssl CVEs fixed via unstable - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1625,7 +1625,7 @@ CVE-2023-33757 (A lack of SSL certificate validation in Splicecom iPCS (iOS App) CVE-2024-0822 (An authentication bypass vulnerability was found in overt-engine. This ...) NOT-FOR-US: ovirt-engine CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file may lead ...) - - openssl <unfixed> (bug #1061582) + - openssl 3.1.5-1 (bug #1061582) [bookworm] - openssl <no-dsa> (Minor issue) [bullseye] - openssl <no-dsa> (Minor issue) [buster] - openssl <postponed> (Minor issue, DoS, Low severity) @@ -3701,7 +3701,7 @@ CVE-2023-42135 (PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50 CVE-2023-42134 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45 ...) NOT-FOR-US: PAX devices CVE-2023-6237 [openssl: Checking excessively long invalid RSA public keys may take a long time] - - openssl <unfixed> (bug #1060858) + - openssl 3.1.5-1 (bug #1060858) [bookworm] - openssl <no-dsa> (Minor issue) [bullseye] - openssl <not-affected> (Only affects 3.x) [buster] - openssl <not-affected> (Only affects 3.x) @@ -7751,7 +7751,7 @@ CVE-2023-6546 (A race condition was found in the GSM 0710 tty multiplexor in the CVE-2023-6145 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Istanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software CVE-2023-6129 (Issue summary: The POLY1305 MAC (message authentication code) implemen ...) - - openssl <unfixed> (bug #1060347) + - openssl 3.1.5-1 (bug #1060347) [bookworm] - openssl <no-dsa> (Minor issue; can be fixed later along with other issues) [bullseye] - openssl <not-affected> (Vulnerable code not present) [buster] - openssl <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bf434b1ce7d824cb9f92a685eca951dfa6977d6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bf434b1ce7d824cb9f92a685eca951dfa6977d6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits