[Git][security-tracker-team/security-tracker][master] Add temporary descriptions and upstream tag information for commits on openssl issues

Tue May 3 16:36:15 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5fe78fe7 by Salvatore Bonaccorso at 2022-05-03T17:34:55+02:00
Add temporary descriptions and upstream tag information for commits on openssl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -962,12 +962,12 @@ CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg 5.0.1 and i
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d (n4.3.4)
 CVE-2022-1474
 	RESERVED
-CVE-2022-1473
+CVE-2022-1473 [Resource leakage when decoding certificates and keys]
 	RESERVED
 	[experimental] - openssl <unfixed>
 	- openssl <not-affected> (Only affects OpenSSL 3.0)
 	NOTE: https://www.openssl.org/news/secadv/20220503.txt
-	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f95200b6b51fe9475bd5203f7c19daf1 (openssl-3.0.3)
 CVE-2022-1472
 	RESERVED
 CVE-2022-1471
@@ -1541,12 +1541,12 @@ CVE-2022-1436
 	RESERVED
 CVE-2022-1435
 	RESERVED
-CVE-2022-1434
+CVE-2022-1434 [Incorrect MAC key used in the RC4-MD5 ciphersuite]
 	RESERVED
 	[experimental] - openssl <unfixed>
 	- openssl <not-affected> (Only affects OpenSSL 3.0)
 	NOTE: https://www.openssl.org/news/secadv/20220503.txt
-	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b (openssl-3.0.3)
 CVE-2022-1433
 	RESERVED
 CVE-2022-1432
@@ -2638,12 +2638,12 @@ CVE-2022-29158
 	RESERVED
 CVE-2022-1344 (Stored XSS due to no sanitization in the filename in GitHub repository ...)
 	NOT-FOR-US: organizr
-CVE-2022-1343
+CVE-2022-1343 [OCSP_basic_verify may incorrectly verify the response signing certificate]
 	RESERVED
 	[experimental] - openssl <unfixed>
 	- openssl <not-affected> (Only affects OpenSSL 3.0)
 	NOTE: https://www.openssl.org/news/secadv/20220503.txt
-	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a (openssl-3.0.3)
 CVE-2022-1342
 	RESERVED
 CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write e ...)
@@ -3090,11 +3090,12 @@ CVE-2022-1294
 	RESERVED
 CVE-2022-1293
 	RESERVED
-CVE-2022-1292
+CVE-2022-1292 [The c_rehash script allows command injection]
 	RESERVED
 	- openssl <unfixed>
 	NOTE: https://www.openssl.org/news/secadv/20220503.txt
-	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 (openssl-3.0.3)
+	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 (OpenSSL_1_1_1o)
 CVE-2022-29027
 	RESERVED
 CVE-2022-29026



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fe78fe7130537c1fe98cae027628f1a4abcf6d9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fe78fe7130537c1fe98cae027628f1a4abcf6d9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220503/876dcc13/attachment.htm>
