[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2023-50781/m2crypto as no-dsa for buster

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Mon Dec 18 01:20:22 GMT 2023 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80784869 by Utkarsh Gupta at 2023-12-17T19:11:18+05:30
Mark CVE-2023-50781/m2crypto as no-dsa for buster

- - - - -
0984517a by Utkarsh Gupta at 2023-12-17T19:12:38+05:30
Mark CVE-2023-50782/python-cryptography as no-dsa for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1020,12 +1020,14 @@ CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allow
 	NOT-FOR-US: DedeBIZ
 CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659]
 	- python-cryptography <unfixed>
+	[buster] - python-cryptography <no-dsa> (Minor issue; it's an incomplete fix of CVE-2020-25659)
 	NOTE: https://github.com/pyca/cryptography/issues/9785
 	NOTE: https://people.redhat.com/~hkario/marvin/
 	NOTE: https://github.com/openssl/openssl/pull/13817
 	NOTE: CVE is for incomplete fix of CVE-2020-25659
 CVE-2023-50781 [Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for CVE-2020-25657]
 	- m2crypto <unfixed>
+	[buster] - m2crypto <no-dsa> (Minor issue; it's an incomplete fix of CVE-2020-25657)
 	NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/342
 	NOTE: https://people.redhat.com/~hkario/marvin/
 	NOTE: https://github.com/openssl/openssl/pull/13817



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6ddd928fb898804ab7bd2397eca2ba0450f1b020...0984517a81a03ab3c8e02802b7ff172805778e6f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6ddd928fb898804ab7bd2397eca2ba0450f1b020...0984517a81a03ab3c8e02802b7ff172805778e6f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231218/92608644/attachment.htm>

More information about the debian-security-tracker-commits mailing list