[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2020-36477/mbedtls as not-affected for buster and bullseye

Samuel Henrique (@samueloph) samueloph at debian.org
Sun Jul 24 16:47:29 BST 2022 


Samuel Henrique pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9b9b056 by Andrea Pappacoda at 2022-07-24T17:03:49+02:00
Mark CVE-2020-36477/mbedtls as not-affected for buster and bullseye

Buster and Bullseye both ship the 2.16 LTS branch of mbedtls, and as
[mentioned by upstream][1] "the bug was introduced in 2.18.0, so
it's not present in the [2.16] LTS branch".

Thanks to Utkarsh and Samuel for the help!

[1]: https://github.com/Mbed-TLS/mbedtls/pull/3554

- - - - -
035e6a98 by Samuel Henrique at 2022-07-24T15:47:19+00:00
Merge branch 'CVE-2020-36477-stable' into 'master'

Mark CVE-2020-36477/mbedtls as not-affected for buster and bullseye

See merge request security-tracker-team/security-tracker!112
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -64168,6 +64168,8 @@ CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.
 CVE-2020-36477 (An issue was discovered in Mbed TLS before 2.24.0. The verification of ...)
 	[experimental] - mbedtls 2.28.0-0.1
 	- mbedtls 2.28.0-0.3
+	[bullseye] - mbedtls <not-affected> (2.16 not affected)
+	[buster] - mbedtls <not-affected> (2.16 not affected)
 	[stretch] - mbedtls <not-affected> (2.4 not affected)
 	NOTE: https://github.com/ARMmbed/mbedtls/issues/3498
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/f3e4bd8632b71dc491e52e6df87dc3e409d2b869 (development)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7678f6ec64c6cd46dd5e0ad73d98bb7b9bdfed4f...035e6a98e9d9826afc810f824da17658747067b9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7678f6ec64c6cd46dd5e0ad73d98bb7b9bdfed4f...035e6a98e9d9826afc810f824da17658747067b9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220724/160614d1/attachment.htm>

More information about the debian-security-tracker-commits mailing list