[Git][security-tracker-team/security-tracker][master] Track fixed version for openssl issue via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 7 21:17:17 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea70c914 by Salvatore Bonaccorso at 2023-02-07T22:16:40+01:00
Track fixed version for openssl issue via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4397,7 +4397,7 @@ CVE-2023-0402 (The Social Warfare plugin for WordPress is vulnerable to authoriz
 	NOT-FOR-US: Social Warfare plugin for WordPress
 CVE-2023-0401 [openssl: NULL dereference during PKCS7 data verification]
 	RESERVED
-	- openssl <unfixed>
+	- openssl 3.0.8-1
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
 	[buster] - openssl <not-affected> (Only affects 3.x)
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
@@ -5455,7 +5455,7 @@ CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been
 	NOT-FOR-US: ityouknow favorites-web
 CVE-2023-0286 [openssl: X.400 address type confusion in X.509 GeneralName]
 	RESERVED
-	- openssl <unfixed>
+	- openssl 3.0.8-1
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658 (openssl-3.0.8)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 (OpenSSL_1_1_1t)
@@ -6644,21 +6644,21 @@ CVE-2023-0218
 	RESERVED
 CVE-2023-0217 [openssl: NULL dereference validating DSA public key]
 	RESERVED
-	- openssl <unfixed>
+	- openssl 3.0.8-1
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
 	[buster] - openssl <not-affected> (Only affects 3.x)
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23985bac83fd50c8e29431009302b5442f985096 (openssl-3.0.8)
 CVE-2023-0216 [openssl: Invalid pointer dereference in d2i_PKCS7 functions]
 	RESERVED
-	- openssl <unfixed>
+	- openssl 3.0.8-1
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
 	[buster] - openssl <not-affected> (Only affects 3.x)
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6 (openssl-3.0.8)
 CVE-2023-0215 [openssl: Use-after-free following BIO_new_NDEF]
 	RESERVED
-	- openssl <unfixed>
+	- openssl 3.0.8-1
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
 CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main releases 1 ...)
 	NOT-FOR-US: Skyhigh SWG
@@ -13356,7 +13356,7 @@ CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not valida
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4450 [openssl: Double free after calling PEM_read_bio_ex]
 	RESERVED
-	- openssl <unfixed>
+	- openssl 3.0.8-1
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=63bcf189be73a9cc1264059bed6f57974be74a83 (openssl-3.0.8)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bbcf509bd046b34cca19c766bbddc31683d0858b (OpenSSL_1_1_1t)
@@ -15375,7 +15375,7 @@ CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks a
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4304 [openssl: Timing Oracle in RSA Decryption]
 	RESERVED
-	- openssl <unfixed>
+	- openssl 3.0.8-1
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f (OpenSSL_1_1_1t)
@@ -16564,7 +16564,7 @@ CVE-2022-4204
 	RESERVED
 CVE-2022-4203 [openssl: X.509 Name Constraints Read Buffer Overflow]
 	RESERVED
-	- openssl <unfixed>
+	- openssl 3.0.8-1
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
 	[buster] - openssl <not-affected> (Only affects 3.x)
 	NOTE: https://www.openssl.org/news/secadv/20230207.txt



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea70c914150716cbad34ed91519f756b12a28132

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea70c914150716cbad34ed91519f756b12a28132
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230207/ff8a548c/attachment.htm>

More information about the debian-security-tracker-commits mailing list