[Git][security-tracker-team/security-tracker][master] Add new wolfssl issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aab1b0ef by Salvatore Bonaccorso at 2024-08-28T07:53:02+02:00
Add new wolfssl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,11 +41,18 @@ CVE-2024-6633 (The default credentials for the setup HSQL database (HSQLDB) for
 CVE-2024-6632 (A vulnerability exists in FileCatalyst Workflow whereby a field access ...)
 	NOT-FOR-US: FileCatalyst Workflow
 CVE-2024-5991 (In function MatchDomainName(), input param str is treated as a NULL te ...)
-	TODO: check
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/7604
 CVE-2024-5814 (A malicious TLS1.2 server can force a TLS1.3 client with downgrade cap ...)
-	TODO: check
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/7619
+	NOTE: https://tches.iacr.org/index.php/TCHES/article/view/11259
 CVE-2024-5288 (An issue was discovered in wolfSSL before 5.7.0. A safe-error attack v ...)
-	TODO: check
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/7416
 CVE-2024-4872 (The product does not validate any query towards persistent data, resul ...)
 	NOT-FOR-US: Hitachi
 CVE-2024-45264 (A cross-site request forgery (CSRF) vulnerability in the admin panel i ...)
@@ -77,7 +84,9 @@ CVE-2024-3980 (The product allows user input to control or influence paths or fi
 CVE-2024-36068 (An incorrect access control vulnerability in Rubrik CDM versions prior ...)
 	NOT-FOR-US: Rubrik CDM
 CVE-2024-1544 (Generating the ECDSA nonce k samples a random number r and then  trunc ...)
-	TODO: check
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/7020
 CVE-2024-8046 (The Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & Logo Gr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7989



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab1b0ef2f4dbbd252986dc35e735558ab4d94ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab1b0ef2f4dbbd252986dc35e735558ab4d94ad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240828/61ac37f8/attachment.htm>