[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2023-5363/openssl

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 24 16:11:39 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
784048eb by Salvatore Bonaccorso at 2023-10-24T17:10:38+02:00
Add CVE-2023-5363/openssl

- - - - -
4a3dcab5 by Salvatore Bonaccorso at 2023-10-24T17:11:18+02:00
Add openssl to dsa-needed list

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -50,6 +50,11 @@ CVE-2023-5721
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721
 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...)
 	NOT-FOR-US: Synology
+CVE-2023-5363 [Incorrect cipher key & IV length processing]
+	- openssl <unfixed>
+	[bullseye] - openssl <not-affected> (Vulnerable code not present)
+	[buster] - openssl <not-affected> (Vulnerable code not present)
+	NOTE: https://www.openssl.org/news/secadv/20231024.txt
 CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...)
 	NOT-FOR-US: Geeklog-Core geeklog
 CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -46,6 +46,8 @@ openjdk-11/oldstable (jmm)
 --
 openjdk-17 (jmm)
 --
+openssl (carnil)
+--
 php-cas/oldstable
 --
 php-horde-mime-viewer/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/170e0e91d9d251abf820adf84eb4ee6244834088...4a3dcab575e09aaf2632ec3a9e67c3fd18c5554e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/170e0e91d9d251abf820adf84eb4ee6244834088...4a3dcab575e09aaf2632ec3a9e67c3fd18c5554e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231024/76c442dc/attachment.htm>

More information about the debian-security-tracker-commits mailing list