[Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2022-37454

Fri Nov 4 18:39:06 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b503a09 by Salvatore Bonaccorso at 2022-11-04T19:38:35+01:00
Add additional reference for CVE-2022-37454

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21391,6 +21391,7 @@ CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef ha
 	NOTE: Versions which have the OpenSSL sha3 delegation are not affected by the issue and only ship
 	NOTE: source-wise the bundled _sha3 XKCP module code.
 	NOTE: OpenSSL sha3 delegation added in https://github.com/python/cpython/commit/d5b3f6b7f9fc74438009af63f1de01bd77be9385 (v3.9.0b1)
+	NOTE: https://python-security.readthedocs.io/vuln/sha3-buffer-overflow.html
 	NOTE: pypy3 fix: https://foss.heptapod.net/pypy/pypy/-/commit/860b897b2611a4099ef9c63ce848fdec89c74b31
 	TODO: check affected packages
 CVE-2022-37453 (An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b503a094847a0de35972a31987b021e7ce4b8aa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b503a094847a0de35972a31987b021e7ce4b8aa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221104/54e68583/attachment.htm>
