[Git][security-tracker-team/security-tracker][master] CVE-2022-4304,CVE-2023-0465/openssl: reference additional fixes based on DSA-5417-1
Sylvain Beucler (@beuc)
beuc at debian.org
Sat Jun 3 16:10:03 BST 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e365299f by Sylvain Beucler at 2023-06-03T17:08:35+02:00
CVE-2022-4304,CVE-2023-0465/openssl: reference additional fixes based on DSA-5417-1
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23234,8 +23234,12 @@ CVE-2023-0465 (Applications that use a non-default option when verifying certifi
- openssl 3.0.9-1 (bug #1034720)
[buster] - openssl <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20230328.txt
- NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0)
- NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 (OpenSSL_1_1_1-stable)
+ NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0.9)
+ NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d2f0d05807fc70c68dcc22bcc6979147782d4adf (openssl-3.0.9)
+ NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=dda529ecc2d085488eef60235ef553dc5fd6e6dc (openssl-3.0.9)
+ NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 (OpenSSL_1_1_1-stable)
+ NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f675d164e5d9648c3537a0f5efe1cc2fd232b4a9 (OpenSSL_1_1_1-stable)
+ NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23a4cbeb3ad80da3830f760f624599f24236bc38 (OpenSSL_1_1_1-stable)
CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...)
{DSA-5417-1}
- openssl 3.0.9-1 (bug #1034720)
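Review bot: In the CVE-2023-0465 notes, the 1.1.1 "Fixed by:" and "Test:" entries are labelled with a branch name (OpenSSL_1_1_1-stable), while the 3.0 entries were changed from the branch label (openssl-3.0) to a release label (openssl-3.0.9). A reader can now tell which 3.0 release carries the fix, but not which 1.1.1 release does. Suggest labelling the 1.1.1 commits with the release that contains them, or keeping branch labels on both sides so the two sets read the same way.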
@@ -36157,8 +36161,11 @@ CVE-2022-4304 (A timing based side channel exists in the OpenSSL RSA Decryption
{DSA-5343-1 DLA-3325-1}
- openssl 3.0.8-1
NOTE: https://www.openssl.org/news/secadv/20230207.txt
- NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8)
- NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f (OpenSSL_1_1_1t)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8) (reverted in 908eaceb62624f5b5c505b286d904bd3a4e8a64a)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a00d757d9ca212994625d1a02c81cc5edd27e13b (openssl-3.0.9)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f (OpenSSL_1_1_1t) (reverted in 0372649a943fb23f7f08c7acdbc01464b9df03f0)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3f499b24f3bcd66db022074f7e8b4f6ee266a3ae (OpenSSL_1_1_1t)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8daa2616bbe6f7994e0cdd796d3280118c51d8d8 (OpenSSL_1_1_1t)
CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...)
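Review bot: In the CVE-2022-4304 notes, the added replacement commits (a00d757d, 3f499b24, 8daa2616) have no "Fixed by:" prefix, unlike the CVE-2023-0465 notes changed in this same commit, and the reverts are given as bare hashes with no gitweb URL. From the entry alone it is not clear which commits make up the effective fix. Suggest prefixing the replacements with "Fixed by:" and giving the revert commits as full links. Two labels are also worth confirming: the 3.0 replacement moves from openssl-3.0.8 to openssl-3.0.9, but both 1.1.1 replacements keep the OpenSSL_1_1_1t label of the commit they replace; and the entry still reads "- openssl 3.0.8-1", so a short NOTE saying whether the 3.0.9 commit is required on top of 3.0.8 or only an alternative implementation would help backporters.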
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e365299f1e68345aeeede0f4ec83c9ba739aa09f