[Git][security-tracker-team/security-tracker][master] new openssl issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 30 14:56:41 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc7e909c by Moritz Muehlenhoff at 2023-05-30T15:56:14+02:00
new openssl issue
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,8 @@
+CVE-2023-2650 [openssl Possible DoS translating ASN.1 object identifiers]
+ - openssl <unfixed>
+ NOTE: https://www.openssl.org/news/secadv/20230530.txt
+ NOTE: https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098 (OpenSSL_1_1_1-stable)
+ NOTE: https://github.com/openssl/openssl/commit/423a2bc737a908ad0c77bda470b2b59dc879936b (openssl-3.0)
CVE-2023-34205 (In Moov signedxml through 1.0.0, parsing the raw XML (as received) can ...)
TODO: check
CVE-2023-34204 (imapsync through 2.229 uses predictable paths under /tmp and /var/tmp ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -39,6 +39,8 @@ openjdk-11 (jmm)
--
openjdk-17 (jmm)
--
+openssl
+--
owslib
--
php-cas
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc7e909c5e89bf1ab225b8c8b382748a549ffa18
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc7e909c5e89bf1ab225b8c8b382748a549ffa18
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230530/0a243be5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list