[Git][security-tracker-team/security-tracker][master] Add additional information for CVE-2021-238{39,40,41}/openssl

Salvatore Bonaccorso carnil at debian.org
Tue Feb 16 19:56:31 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53d58532 by Salvatore Bonaccorso at 2021-02-16T20:55:55+01:00
Add additional information for CVE-2021-238{39,40,41}/openssl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7831,22 +7831,25 @@ CVE-2021-23843
 	RESERVED
 CVE-2021-23842
 	RESERVED
-CVE-2021-23841
+CVE-2021-23841 [Null pointer deref in X509_issuer_and_serial_hash()]
 	RESERVED
 	- openssl <unfixed>
 	- openssl1.0 <removed>
 	NOTE: https://www.openssl.org/news/secadv/20210216.txt
-CVE-2021-23840
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j)
+CVE-2021-23840 [Integer overflow in CipherUpdate]
 	RESERVED
 	- openssl <unfixed>
 	- openssl1.0 <removed>
 	NOTE: https://www.openssl.org/news/secadv/20210216.txt
-CVE-2021-23839
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 (OpenSSL_1_1_1j)
+CVE-2021-23839 [Incorrect SSLv2 rollback protection]
 	RESERVED
 	- openssl 1.0.0d-1
 	- openssl1.0 <not-affected> (SSL2 disabled before openssl1.0 was uploaded)
 	NOTE: https://www.openssl.org/news/secadv/20210216.txt
 	NOTE: SSL2 disabled since 1.0.0d-1 (1.0.0c-2 in experimental)
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=901f1ef7dacb6b3bde63233a1f623e1fa2f0f058 (OpenSSL_1_1_1j)
 CVE-2021-23838 (An issue was discovered in flatCore before 2.0.0 build 139. A reflecte ...)
 	NOT-FOR-US: flatCore CMS
 CVE-2021-23837 (An issue was discovered in flatCore before 2.0.0 build 139. A time-bas ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53d58532753fa9e706c179fcafef14488d117183

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53d58532753fa9e706c179fcafef14488d117183
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210216/a47ed108/attachment.html>

More information about the debian-security-tracker-commits mailing list