[Git][security-tracker-team/security-tracker][master] Track fixed version for three openssl CVEs fixed via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 3 18:15:22 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bf434b1 by Salvatore Bonaccorso at 2024-02-03T19:14:51+01:00
Track fixed version for three openssl CVEs fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1625,7 +1625,7 @@ CVE-2023-33757 (A lack of SSL certificate validation in Splicecom iPCS (iOS App)
 CVE-2024-0822 (An authentication bypass vulnerability was found in overt-engine. This ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file may lead ...)
-	- openssl <unfixed> (bug #1061582)
+	- openssl 3.1.5-1 (bug #1061582)
 	[bookworm] - openssl <no-dsa> (Minor issue)
 	[bullseye] - openssl <no-dsa> (Minor issue)
 	[buster] - openssl <postponed> (Minor issue, DoS, Low severity)
@@ -3701,7 +3701,7 @@ CVE-2023-42135 (PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50
 CVE-2023-42134 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45 ...)
 	NOT-FOR-US: PAX devices
 CVE-2023-6237 [openssl: Checking excessively long invalid RSA public keys may take a long time]
-	- openssl <unfixed> (bug #1060858)
+	- openssl 3.1.5-1 (bug #1060858)
 	[bookworm] - openssl <no-dsa> (Minor issue)
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
 	[buster] - openssl <not-affected> (Only affects 3.x)
@@ -7751,7 +7751,7 @@ CVE-2023-6546 (A race condition was found in the GSM 0710 tty multiplexor in the
 CVE-2023-6145 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Istanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software
 CVE-2023-6129 (Issue summary: The POLY1305 MAC (message authentication code) implemen ...)
-	- openssl <unfixed> (bug #1060347)
+	- openssl 3.1.5-1 (bug #1060347)
 	[bookworm] - openssl <no-dsa> (Minor issue; can be fixed later along with other issues)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	[buster] - openssl <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bf434b1ce7d824cb9f92a685eca951dfa6977d6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bf434b1ce7d824cb9f92a685eca951dfa6977d6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240203/bade93be/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list