Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5f90c445 by Salvatore Bonaccorso at 2025-04-15T20:34:55+02:00
Track removal of liboqs from unstable
- - - - -
bf1e8107 by Salvatore Bonaccorso at 2025-04-15T20:35:20+02:00
Track removal of liboqs from all supported suites
- - - - -
2 changed files:
- data/CVE/list
- data/packages/removed-packages
Changes:
=====================================
data/CVE/list
=====================================
@@ -41248,7 +41248,7 @@ CVE-2024-54143 (openwrt/asu is an image on demand
server for OpenWrt based distr
CVE-2024-54141 (phpMyFAQ is an open source FAQ web application for PHP 8.1+
and MySQL, ...)
NOT-FOR-US: phpMyFAQ
CVE-2024-54137 (liboqs is a C-language cryptographic library that provides
implementat ...)
- - liboqs <unfixed> (bug #1089185)
+ - liboqs <removed> (bug #1089185)
NOTE:
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7
NOTE: Fixed by:
https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24
(0.12.0-rc1)
CVE-2024-54136 (ClipBucket V5 provides open source video hosting with PHP.
ClipBucket- ...)
@@ -88418,7 +88418,7 @@ CVE-2024-36407 (SuiteCRM is an open-source Customer
Relationship Management (CRM
CVE-2024-36406 (SuiteCRM is an open-source Customer Relationship Management
(CRM) soft ...)
NOT-FOR-US: SuiteCRM
CVE-2024-36405 (liboqs is a C-language cryptographic library that provides
implementat ...)
- - liboqs <unfixed> (bug #1073250)
+ - liboqs <removed> (bug #1073250)
NOTE:
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp
NOTE:
https://github.com/open-quantum-safe/liboqs/commit/982c762c242ef549c914891b47bf6e0ed6321f91
(main)
NOTE:
https://github.com/open-quantum-safe/liboqs/commit/fbfac754585d788c19b49cac569e4e2ea182f579
(0.10.1-rc1)
@@ -92100,7 +92100,7 @@ CVE-2024-33470 (An issue in the SMTP Email Settings of
AVTECH Room Alert 4E v4.4
CVE-2024-33427
REJECTED
CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote
attacker t ...)
- - liboqs <unfixed> (bug #1072118)
+ - liboqs <removed> (bug #1072118)
NOTE: https://github.com/liang-junkai/Fault-injection-of-ML-DSA
CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.)
NOT-FOR-US: Kwik
=====================================
data/packages/removed-packages
=====================================
@@ -1075,3 +1075,4 @@ flask-appbuilder
zeek
postgresql-16
ruby3.2
+liboqs
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a9dda5b1d7ffa311d1c91c962f3162017f4ecbbd...bf1e8107b53f5f1b9d2329b198c3a541e53c620a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a9dda5b1d7ffa311d1c91c962f3162017f4ecbbd...bf1e8107b53f5f1b9d2329b198c3a541e53c620a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
