[Git][security-tracker-team/security-tracker][master] Track fixed version for three openssl CVEs fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 3 18:15:22 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2bf434b1 by Salvatore Bonaccorso at 2024-02-03T19:14:51+01:00
Track fixed version for three openssl CVEs fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1625,7 +1625,7 @@ CVE-2023-33757 (A lack of SSL certificate validation in Splicecom iPCS (iOS App)
CVE-2024-0822 (An authentication bypass vulnerability was found in overt-engine. This ...)
NOT-FOR-US: ovirt-engine
CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file may lead ...)
- - openssl <unfixed> (bug #1061582)
+ - openssl 3.1.5-1 (bug #1061582)
[bookworm] - openssl <no-dsa> (Minor issue)
[bullseye] - openssl <no-dsa> (Minor issue)
[buster] - openssl <postponed> (Minor issue, DoS, Low severity)
@@ -3701,7 +3701,7 @@ CVE-2023-42135 (PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50
CVE-2023-42134 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45 ...)
NOT-FOR-US: PAX devices
CVE-2023-6237 [openssl: Checking excessively long invalid RSA public keys may take a long time]
- - openssl <unfixed> (bug #1060858)
+ - openssl 3.1.5-1 (bug #1060858)
[bookworm] - openssl <no-dsa> (Minor issue)
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
@@ -7751,7 +7751,7 @@ CVE-2023-6546 (A race condition was found in the GSM 0710 tty multiplexor in the
CVE-2023-6145 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Istanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software
CVE-2023-6129 (Issue summary: The POLY1305 MAC (message authentication code) implemen ...)
- - openssl <unfixed> (bug #1060347)
+ - openssl 3.1.5-1 (bug #1060347)
[bookworm] - openssl <no-dsa> (Minor issue; can be fixed later along with other issues)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
[buster] - openssl <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bf434b1ce7d824cb9f92a685eca951dfa6977d6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bf434b1ce7d824cb9f92a685eca951dfa6977d6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240203/bade93be/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list