Bug#1063534: [Debian-iot-maintainers] Bug#1063534: libjwt: CVE-2024-25189

2024-02-09 Thread Moritz Muehlenhoff
On Fri, Feb 09, 2024 at 04:40:31PM +0100, Thorsten Alteholz wrote:
> Hi Moritz,
>
> thanks for the bug. Upstream knows about the issue and already fixed it [1]
> + [2].

Thanks. I think the real world impact is pretty negligible, it's enough to land a fix for the next release, but not for released

Bug#1063534: [Debian-iot-maintainers] Bug#1063534: libjwt: CVE-2024-25189

2024-02-09 Thread Thorsten Alteholz
Hi Moritz,

thanks for the bug. Upstream knows about the issue and already fixed it [1] + [2].

  Thorsten

[1] https://github.com/benmcollins/libjwt/commit/f73bac57c5bece16ac24f1a70022aa34355fc1bf
[2] https://github.com/benmcollins/libjwt/commit/a5d61ef4f1b383876e0a78534383f38159471fd6

Bug#1063534: libjwt: CVE-2024-25189

2024-02-09 Thread Moritz Mühlenhoff
Source: libjwt
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for libjwt.

CVE-2024-25189[0]:
| libjwt 1.15.3 uses strcmp (which is not constant time) to verify
| authentication, which makes it easier to bypass
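The CVE text above describes the class of defect: a byte-by-byte comparison such as strcmp returns as soon as it hits the first differing byte, so the time it takes correlates with how long a matching prefix the caller supplied. The following is an added illustration of that pattern beside a constant-time replacement; it is not libjwt's code and not the upstream fix referenced in [1] and [2]. The function names (verify_sig_strcmp, ct_memeq, verify_sig_ct) and the sample signature strings are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * The pattern the CVE describes (illustrative, not libjwt's code):
 * strcmp stops at the first mismatching byte, so the elapsed time
 * depends on how much of the expected value the caller guessed right.
 */
static int verify_sig_strcmp(const char *expected, const char *provided)
{
    return strcmp(expected, provided) == 0;
}

/*
 * Constant-time equality over n bytes. Every byte is visited and the
 * differences are OR-ed into an accumulator; there is no data-dependent
 * early exit. volatile discourages the compiler from short-circuiting.
 */
static int ct_memeq(const unsigned char *a, const unsigned char *b, size_t n)
{
    volatile unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/*
 * Hardened check. For an HMAC-based JWT the expected signature length is
 * fixed by the algorithm, so comparing lengths first leaks nothing secret;
 * the body comparison then runs over the full length in constant time.
 */
static int verify_sig_ct(const char *expected, const char *provided)
{
    size_t n = strlen(expected);
    if (strlen(provided) != n)
        return 0;
    return ct_memeq((const unsigned char *)expected,
                    (const unsigned char *)provided, n);
}

int main(void)
{
    /* Constructed sample values, not real token material. */
    const char *expected = "sig-EXAMPLE-0123456789";
    const char *good     = "sig-EXAMPLE-0123456789";
    const char *tampered = "sig-EXAMPLE-012345678X";

    printf("strcmp: good=%d tampered=%d\n",
           verify_sig_strcmp(expected, good),
           verify_sig_strcmp(expected, tampered));
    printf("ct:     good=%d tampered=%d\n",
           verify_sig_ct(expected, good),
           verify_sig_ct(expected, tampered));
    return 0;
}
```

Both functions return the same boolean for every input; the difference is only in timing behaviour, which is why a functional test cannot detect the original defect and a code review for comparison primitives used on authentication material is the practical check. Libraries typically ship such a primitive already (OpenSSL's CRYPTO_memcmp, libsodium's sodium_memcmp), which is preferable to a hand-rolled loop in production code.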