[Git][security-tracker-team/security-tracker][master] Track fixed version for wolfssl issues via unstable
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 16 05:26:52 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c370e17b by Salvatore Bonaccorso at 2020-09-16T06:26:20+02:00
Track fixed version for wolfssl issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2063,7 +2063,7 @@ CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the in
CVE-2020-24615
RESERVED
CVE-2020-24613 (wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...)
- - wolfssl <unfixed> (bug #969663)
+ - wolfssl 4.5.0+dfsg-1 (bug #969663)
NOTE: https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/
CVE-2020-24612 (An issue was discovered in the selinux-policy (aka Reference Policy) p ...)
- refpolicy <not-affected> (Debian package doesn't ship pam-u2f config)
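Review bot: The CVE-2020-24613 entry now asserts 4.5.0+dfsg-1 as fixed, but its only NOTE is the NCC Group advisory, with no upstream commit or pull request reference of the kind the CVE-2020-24585 and CVE-2020-12457 entries in this same patch carry. Consider adding a NOTE that points at the upstream fixing change, so the fixed-version claim can be checked against the code and the patch can be located when older suites are assessed.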
@@ -2120,7 +2120,7 @@ CVE-2020-24587
CVE-2020-24586
RESERVED
CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation in wolfSS ...)
- - wolfssl <unfixed> (bug #969663)
+ - wolfssl 4.5.0+dfsg-1 (bug #969663)
NOTE: https://github.com/wolfSSL/wolfssl/pull/3219
NOTE: https://github.com/wolfSSL/wolfssl/commit/3be7f3ea3a56d178acf0f7f84ee4ae8cbfee8915 (v4.5.0-stable)
CVE-2020-24584 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...)
@@ -21325,7 +21325,7 @@ CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php downloa
CVE-2020-15310
RESERVED
CVE-2020-15309 (An issue was discovered in wolfSSL before 4.5.0, when single precision ...)
- - wolfssl <unfixed> (bug #969663)
+ - wolfssl 4.5.0+dfsg-1 (bug #969663)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...)
NOT-FOR-US: Support Incident Tracker
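Review bot: For CVE-2020-15309 the only reference is the v4.5.0-stable release tag, which supports the version in the changed line but does not identify the fixing change. Consider adding a NOTE with the specific upstream commit, annotated (v4.5.0-stable) as in the CVE-2020-24585 and CVE-2020-12457 entries, so the fix can be reviewed or backported without reading through the whole release.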
@@ -28750,7 +28750,7 @@ CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
NOTE: https://github.com/grafana/grafana/issues/8283
CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles the cha ...)
- - wolfssl <unfixed> (bug #969663)
+ - wolfssl 4.5.0+dfsg-1 (bug #969663)
NOTE: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable)
NOTE: https://github.com/wolfSSL/wolfssl/pull/2927
CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect Client ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c370e17b14adb78648f4b5a01bbe4c00a0701536