[Git][security-tracker-team/security-tracker][master] Add two additional references for CVE-2023-31486
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 29 08:44:43 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73985306 by Salvatore Bonaccorso at 2023-04-29T09:44:10+02:00
Add two additional references for CVE-2023-31486
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2,6 +2,8 @@ CVE-2023-31486 [HTTP::Tiny insecure default TLS configuration]
- libhttp-tiny-perl <unfixed> (bug #962407; unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2023/04/18/14
NOTE: https://github.com/chansen/p5-http-tiny/issues/134
+ NOTE: https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
+ NOTE: https://hackeriet.github.io/cpan-http-tiny-overview/
NOTE: Applications need to explicitly opt in to enable verification.
CVE-2023-31470 (SmartDNS through 41 before 56d0332 allows an out-of-bounds write becau ...)
NOT-FOR-US: SmartDNS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7398530698dcc7c48aef0ea8da333964688cacd2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7398530698dcc7c48aef0ea8da333964688cacd2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230429/5eb43c0e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list