[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3798/opencryptoki
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 15 07:52:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
733efb14 by Salvatore Bonaccorso at 2021-09-15T08:52:09+02:00
Add CVE-2021-3798/opencryptoki
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -430,8 +430,12 @@ CVE-2021-3799
CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...)
- atftp <unfixed>
NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
-CVE-2021-3798
+CVE-2021-3798 [Soft token does not check if an EC key is valid]
RESERVED
+ - opencryptoki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780
+ NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0)
+ NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0
CVE-2021-40865
RESERVED
CVE-2021-3797
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/733efb14f4a3fe2dbcd93ef4b67e4cadb313ae23
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/733efb14f4a3fe2dbcd93ef4b67e4cadb313ae23
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210915/bac057b3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list