[Git][security-tracker-team/security-tracker][master] Triage CVE-2024-28834/gnutls28 for buster LTS.
Guilhem Moulin (@guilhem)
guilhem at debian.org
Wed Apr 3 12:19:17 BST 2024
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f4cd486e by Guilhem Moulin at 2024-04-03T13:18:32+02:00
Triage CVE-2024-28834/gnutls28 for buster LTS.
Deterministic ECDSA/DSA [RFC6979] support was added in 3.6.10
https://lists.gnupg.org/pipermail/gnutls-help/2019-September/004574.html
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3511,9 +3511,12 @@ CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application crash
CVE-2024-28834 (A flaw was found in GnuTLS. The Minerva attack is a cryptographic vuln ...)
[experimental] - gnutls28 3.8.4-1
- gnutls28 3.8.4-2 (bug #1067464)
+ [buster] - gnutls28 <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1516
NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2023-12-04
+ NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1c4701ffc342259fc5965d5a0de90d87f780e3e5
+ NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/merge_requests/1051 (gnutls_3_6_10)
CVE-2024-28635 (Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v. ...)
NOT-FOR-US: SurveyJS Survey Creator
CVE-2024-25294 (An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sens ...)
=====================================
data/dla-needed.txt
=====================================
@@ -87,9 +87,6 @@ frr
NOTE: 20240206: Continuing fixing the remaining issues (abhijith)
NOTE: 20240301: continue work (abhijith)
--
-gnutls28 (guilhem)
- NOTE: 20240323: Added by Front-Desk (ta)
---
gtkwave
NOTE: 20240116: Added by Front-Desk (lamby)
NOTE: 20240116: For CVE-2023-32650 etc. (lamby)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4cd486e5e92d36c48f328d1599990c08e0eb8fb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4cd486e5e92d36c48f328d1599990c08e0eb8fb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240403/529487c5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list