[Git][security-tracker-team/security-tracker][master] Three CVEs fixed for wolfssl via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 28 19:47:45 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc250da9 by Salvatore Bonaccorso at 2021-12-28T20:47:14+01:00
Three CVEs fixed for wolfssl via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22218,7 +22218,7 @@ CVE-2021-38598 (OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0
 	NOTE: https://launchpad.net/bugs/1938670
 	NOTE: https://review.opendev.org/c/openstack/neutron/+/785917/
 CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...)
-	- wolfssl <unfixed> (bug #992174)
+	- wolfssl 5.0.0-1 (bug #992174)
 	[bullseye] - wolfssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093
 CVE-2021-38596
@@ -25838,7 +25838,7 @@ CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b
 CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...)
-	- wolfssl <unfixed> (bug #991443)
+	- wolfssl 5.0.0-1 (bug #991443)
 	[bullseye] - wolfssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
 	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
@@ -58151,7 +58151,7 @@ CVE-2021-24118
 CVE-2021-24117 (In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in ...)
 	NOT-FOR-US: Rust SGX
 CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...)
-	- wolfssl <unfixed> (bug #991663)
+	- wolfssl 5.0.0-1 (bug #991663)
 	[bullseye] - wolfssl <no-dsa> (Minor issue)
 	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
 CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used for ce ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc250da97eb4ab84ea646691f28bfceb583bf658

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc250da97eb4ab84ea646691f28bfceb583bf658
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211228/f93c31e8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list