[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-2511,openssl: buster is postponed

Markus Koschany (@apo) apo at debian.org
Thu Apr 18 22:08:23 BST 2024 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c90b39d0 by Markus Koschany at 2024-04-18T22:55:40+02:00
CVE-2024-2511,openssl: buster is postponed

because this is a minor issue and prevented in default configurations.

- - - - -
af013b74 by Markus Koschany at 2024-04-18T23:07:52+02:00
Add less to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4392,6 +4392,7 @@ CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cau
 	- openssl <unfixed> (bug #1068658)
 	[bookworm] - openssl <postponed> (Minor issue, fix along with next update round)
 	[bullseye] - openssl <postponed> (Minor issue, fix along with next update round)
+	[buster] - openssl <postponed> (Minor issue, fix along with next update round)
 	NOTE: https://www.openssl.org/news/secadv/20240408.txt
 	NOTE: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08 (openssl-3.2.y)
 	NOTE: https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce (openssl-3.1.y)


=====================================
data/dla-needed.txt
=====================================
@@ -121,6 +121,9 @@ knot-resolver (Markus Koschany)
   NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
   NOTE: 20240311: Reverted decision to remove from dla-needed since four CVEs has been fixed in bullseye. (ola)
 --
+less
+  NOTE: 20240418: Added by Front-Desk (apo)
+--
 libpgjava (Markus Koschany)
   NOTE: 20240308: Added by Front-Desk (opal)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fe9060aaad459b6b25898d26453ccaab552caec5...af013b7456d90da40faa7d46e23271cd66c7254c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fe9060aaad459b6b25898d26453ccaab552caec5...af013b7456d90da40faa7d46e23271cd66c7254c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240418/bfdce97b/attachment.htm>

More information about the debian-security-tracker-commits mailing list