[Git][security-tracker-team/security-tracker][master] Add some commit references for openssl issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 7 17:21:17 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04ee836e by Salvatore Bonaccorso at 2023-02-07T18:20:45+01:00
Add some commit references for openssl issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4244,6 +4244,7 @@ CVE-2023-0401 [openssl: NULL dereference during PKCS7 data verification]
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
NOTE: https://www.openssl.org/news/secadv/20230207.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3b6dfd70db844c4499bec6ad6601623a565e674 (openssl-3.0.8)
CVE-2023-0400 (The protection bypass vulnerability in DLP for Windows 11.9.x is addre ...)
NOT-FOR-US: DLP for Windows
CVE-2023-0399
@@ -5299,6 +5300,8 @@ CVE-2023-0286 [openssl: X.400 address type confusion in X.509 GeneralName]
RESERVED
- openssl <unfixed>
NOTE: https://www.openssl.org/news/secadv/20230207.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658 (openssl-3.0.8)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 (OpenSSL_1_1_1t)
CVE-2023-0285
RESERVED
CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows a ...)
@@ -6488,12 +6491,14 @@ CVE-2023-0217 [openssl: NULL dereference validating DSA public key]
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
NOTE: https://www.openssl.org/news/secadv/20230207.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23985bac83fd50c8e29431009302b5442f985096 (openssl-3.0.8)
CVE-2023-0216 [openssl: Invalid pointer dereference in d2i_PKCS7 functions]
RESERVED
- openssl <unfixed>
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
NOTE: https://www.openssl.org/news/secadv/20230207.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6 (openssl-3.0.8)
CVE-2023-0215 [openssl: Use-after-free following BIO_new_NDEF]
RESERVED
- openssl <unfixed>
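Review bot: CVE-2023-0215 (use-after-free following BIO_new_NDEF), whose entry begins in the trailing context of this hunk, receives no commit NOTE in the visible lines, while CVE-2023-0217 and CVE-2023-0216 directly above it each gain one. If the upstream fix commits for it are already identifiable, add them in the same "NOTE: <gitweb URL> (tag)" form used here, with one line per branch as done for CVE-2023-0286. If they are intentionally deferred, a TODO line on the entry would make the gap visible to whoever triages it next.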
@@ -13198,6 +13203,8 @@ CVE-2022-4450 [openssl: Double free after calling PEM_read_bio_ex]
RESERVED
- openssl <unfixed>
NOTE: https://www.openssl.org/news/secadv/20230207.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=63bcf189be73a9cc1264059bed6f57974be74a83 (openssl-3.0.8)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bbcf509bd046b34cca19c766bbddc31683d0858b (OpenSSL_1_1_1t)
CVE-2022-4449 (The Page scroll to id WordPress plugin before 1.7.6 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4448
@@ -15215,6 +15222,8 @@ CVE-2022-4304 [openssl: Timing Oracle in RSA Decryption]
RESERVED
- openssl <unfixed>
NOTE: https://www.openssl.org/news/secadv/20230207.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f (OpenSSL_1_1_1t)
CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...)
@@ -16398,6 +16407,7 @@ CVE-2022-4203 [openssl: X.509 Name Constraints Read Buffer Overflow]
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
NOTE: https://www.openssl.org/news/secadv/20230207.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8)
CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...)
- gpac <undetermined>
TODO: check details
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04ee836e853ed2281ed14c3a9135b61393fd5921