[Git][security-tracker-team/security-tracker][master] dla: add opencryptoki

Mon, 05 May 2025 04:28:14 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
baece56c by Sylvain Beucler at 2025-05-05T13:27:51+02:00
dla: add opencryptoki

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -137381,7 +137381,7 @@ CVE-2023-48127 (An issue in myGAKUYA mini-app on Line 
v13.6.1 allows attackers t
 CVE-2023-48126 (An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows 
attacke ...)
        NOT-FOR-US: Luxe Beauty Clinic mini-app on Line
 CVE-2024-0914 (A timing side-channel vulnerability has been discovered in the 
opencry ...)
-       - opencryptoki 3.23.0+dfsg-0.1
+       - opencryptoki 3.23.0+dfsg-0.1 (bug #1104729)
        [bookworm] - opencryptoki <no-dsa> (Minor issue)
        [bullseye] - opencryptoki <no-dsa> (Minor issue)
        [buster] - opencryptoki <postponed> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -278,6 +278,13 @@ openafs
   NOTE: 20250102: Looking at CVE-2024-10394 (abhijith)
   NOTE: 20250203: https://people.debian.org/~abhijith/upload/openafs_patches/ 
(abhijith)
 --
+opencryptoki
+  NOTE: 20250505: Added by Front-Desk (Beuc)
+  NOTE: 20250505: For CVE-2024-0914 ("Marvin Attack"),
+  NOTE: 20250505: we probably need to backport a few constant-time 
pre-requisite commits:
+  NOTE: 20250505: 
https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
+  NOTE: 20250505: Cf. #1104729 to determine whether fix or ignore this in all 
dists (Beuc/front-desk)
+--
 openjdk-11 (roberto)
   NOTE: 20250429: Added by Front-Desk (lamby)
   NOTE: 20250429: Suggested to also handle openjdk-17. (lamby)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baece56ccd14187ad6cb0733a2d4781375a3bdce

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baece56ccd14187ad6cb0733a2d4781375a3bdce
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to