[Git][security-tracker-team/security-tracker][master] 3 commits: Track fixes for wolfssl via bullseye-pu

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 16 22:13:42 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29fa2ee5 by Salvatore Bonaccorso at 2022-03-16T23:12:10+01:00
Track fixes for wolfssl via bullseye-pu

- - - - -
b4ba89f4 by Salvatore Bonaccorso at 2022-03-16T23:12:57+01:00
Drop listing of CVE-2021-3336, as it is already fixed

- - - - -
614531e8 by Salvatore Bonaccorso at 2022-03-16T23:13:17+01:00
Update information for CVE-2021-24116/wolfssl

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -75496,8 +75496,7 @@ CVE-2021-24118
 CVE-2021-24117 (In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in ...)
 	NOT-FOR-US: Rust SGX
 CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...)
-	- wolfssl 5.0.0-1 (bug #991663)
-	[bullseye] - wolfssl <no-dsa> (Minor issue)
+	- wolfssl 4.6.0-1 (bug #991663)
 	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
 CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used for ce ...)
 	- botan 2.17.3+dfsg-1


=====================================
data/next-point-update.txt
=====================================
@@ -144,3 +144,13 @@ CVE-2022-22721
 	[bullseye] - apache2 2.4.53-1~deb11u1
 CVE-2022-23943
 	[bullseye] - apache2 2.4.53-1~deb11u1
+CVE-2021-37155
+	[bullseye] - wolfssl 4.6.0+p1-1
+CVE-2021-38597
+	[bullseye] - wolfssl 4.6.0+p1-1
+CVE-2021-44718
+	[bullseye] - wolfssl 4.6.0+p1-1
+CVE-2022-25638
+	[bullseye] - wolfssl 4.6.0+p1-1
+CVE-2022-25640
+	[bullseye] - wolfssl 4.6.0+p1-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e47b7ec300868b7260b2e48b2fd84da2856c643f...614531e88f848acd06b422663cb27b3e5a338e44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e47b7ec300868b7260b2e48b2fd84da2856c643f...614531e88f848acd06b422663cb27b3e5a338e44
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220316/1b13c06c/attachment.htm>

More information about the debian-security-tracker-commits mailing list