[Git][security-tracker-team/security-tracker][master] Add CVE-2023-3966/openvswitch
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 8 20:35:16 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32682d88 by Salvatore Bonaccorso at 2024-02-08T21:34:37+01:00
Add CVE-2023-3966/openvswitch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,12 @@
+CVE-2023-3966 [Invalid memory access in Geneve with HW offload]
+ - openvswitch <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2024/02/08/3
+ NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/a468645c6d330943dbe0c8d466e05b9af2d7df0c (v2.11.0)
+ NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/2cfbcd5247ed0fd941c1ebb9f4adb952b67fe13a (v3.2.2)
+ NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/91e621bd5abab19954bec09c7d27c59acdf607b1 (v3.1.4)
+ NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/935cd1d574c6f432a451df8941374ffb36d767d9 (v3.0.6)
+ NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/b8657dada9641fbd2bd3a3f882e0862448d60910 (v2.17.9)
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html
CVE-2024-25191 (php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authe ...)
TODO: check
CVE-2024-25190 (l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authe ...)
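Review bot: The "- openvswitch <unfixed>" line in the new CVE-2023-3966 entry has no per-release annotations, although the NOTE lines already give the introducing commit (v2.11.0) and the upstream fixing releases (v3.2.2, v3.1.4, v3.0.6, v2.17.9). A follow-up should mark any suite that ships a version older than 2.11.0 as not-affected (vulnerable code not present) and record the fixed Debian version once an upload contains one of the listed commits. Since the bracketed description limits the issue to Geneve with HW offload, a short NOTE stating that precondition would also help triage.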
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32682d88f677ab41c302cfc11fdf78039c5fb0b6
More information about the debian-security-tracker-commits
mailing list