[Git][security-tracker-team/security-tracker][master] Reserve DLA-3449-1 for openssl

Sylvain Beucler (@beuc) beuc at debian.org
Thu Jun 8 17:19:26 BST 2023



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3ea2d11 by Sylvain Beucler at 2023-06-08T18:18:49+02:00
Reserve DLA-3449-1 for openssl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23912,14 +23912,12 @@ CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly
 CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to implicit ...)
 	{DSA-5417-1}
 	- openssl 3.0.9-1 (bug #1034720)
-	[buster] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (openssl-3.0)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a (OpenSSL_1_1_1-stable)
 CVE-2023-0465 (Applications that use a non-default option when verifying certificates ...)
 	{DSA-5417-1}
 	- openssl 3.0.9-1 (bug #1034720)
-	[buster] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
 	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0.9)
 	NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d2f0d05807fc70c68dcc22bcc6979147782d4adf (openssl-3.0.9)
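
Review bot: The CVE-2023-0465 entry, as far as the context shows, cites only openssl-3.0.9 commits in its "Fixed by:" and "Test:" NOTE lines, while the CVE-2023-0466 entry above it also names an OpenSSL_1_1_1-stable commit. This hunk drops the buster `<no-dsa>` marker because a 1.1.1n-based upload now covers the issue. Please check whether the rest of the CVE-2023-0465 entry, cut off by the diff context, references the 1.1.1 backport, and add a NOTE for it if it does not.
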
@@ -23930,7 +23928,6 @@ CVE-2023-0465 (Applications that use a non-default option when verifying certifi
 CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...)
 	{DSA-5417-1}
 	- openssl 3.0.9-1 (bug #1034720)
-	[buster] - openssl <no-dsa> (Minor issue)
 	NOTE: https://www.openssl.org/news/secadv/20230322.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1 (openssl-3.0)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b (OpenSSL_1_1_1-stable)
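
Review bot: Once the `[buster] - openssl <no-dsa> (Minor issue)` line is removed, the CVE-2023-0464 entry carries only `{DSA-5417-1}`, and the same is true of the two entries in the previous hunk. Nothing in data/CVE/list links these three CVEs to DLA-3449-1 after this commit. Please confirm that the `{DLA-3449-1}` cross-reference gets added to each entry, whether by tracker automation or a follow-up edit, so the buster status is not left to the data/DLA/list entry alone.
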


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Jun 2023] DLA-3449-1 openssl - security update
+	{CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-2650}
+	[buster] - openssl 1.1.1n-0+deb10u5
 [08 Jun 2023] DLA-3448-1 firefox-esr - security update
 	{CVE-2023-34414 CVE-2023-34416}
 	[buster] - firefox-esr 102.12.0esr-1~deb10u1
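
Review bot: The new DLA-3449-1 entry lists CVE-2023-2650 alongside the other three CVEs, but the data/CVE/list hunks in this commit only touch CVE-2023-0464, CVE-2023-0465 and CVE-2023-0466. Please check the CVE-2023-2650 entry for a leftover `[buster]` annotation (for example a `<no-dsa>` or similar triage line) that would contradict the fixed version `1.1.1n-0+deb10u5` recorded here.
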


=====================================
data/dla-needed.txt
=====================================
@@ -106,10 +106,6 @@ openjdk-11 (Emilio)
   NOTE: 20230419: Added by Front-Desk (ola)
   NOTE: 20230522: waiting for sid/bullseye update (pochu)
 --
-openssl (Sylvain Beucler)
-  NOTE: 20230531: Added by Front-Desk (pochu)
-  NOTE: 20230531: also handle no-dsa issues (pochu)
---
 owslib (Adrian Bunk)
   NOTE: 20230514: Added by Front-Desk (utkarsh)
   NOTE: 20230514: also in dsa-needed. (utkarsh)
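
Review bot: The removed openssl entry carried the request "also handle no-dsa issues (pochu)", yet the commit message says only "Reserve DLA-3449-1 for openssl". Since this commit also clears the three `<no-dsa>` markers in data/CVE/list, a short second line in the message stating that the no-dsa issues were included would keep that triage decision traceable once this entry is gone from dla-needed.txt.
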



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3ea2d115bf4158042dbc43f70dc1dd38c5009fb
