[Git][security-tracker-team/security-tracker][master] Add two botan issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 9 19:57:28 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1bf76870 by Salvatore Bonaccorso at 2024-07-09T20:56:58+02:00
Add two botan issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -238,7 +238,8 @@ CVE-2024-39695 (Exiv2 is a command-line utility and C++ library for reading, wri
 CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET framework. A SQ ...)
 	TODO: check
 CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
-	TODO: check
+	- botan <unfixed>
+	NOTE: https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86
 CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for managing d ...)
 	NOT-FOR-US: RailsAdmin
 CVE-2024-39203 (A cross-site scripting (XSS) vulnerability in the Backend Theme Manage ...)
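Review bot: The new CVE-2024-39312 entry carries only the advisory link (GHSA-jp24-56jm-gg86) under `- botan <unfixed>`, with no reference to an upstream fix, whereas the CVE-2024-34702 entry added in the same commit lists its pull requests and commits. Consider adding a NOTE with the upstream fixing commit or fixed release once it is identified, so whoever later resolves `<unfixed>` does not have to re-derive it from the advisory. The truncated descriptions of the two botan CVEs also begin identically ("X.509 certificates can identify e ..."), so a one-line NOTE saying what distinguishes this issue would make the two entries easier to tell apart in the list.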
@@ -248,7 +249,20 @@ CVE-2024-39202 (D-Link DIR-823X firmware - 240126 was discovered to contain a re
 CVE-2024-37999 (A vulnerability has been identified in Medicalis Workflow Orchestrator ...)
 	NOT-FOR-US: Medicalis Workflow Orchestrator
 CVE-2024-34702 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
-	TODO: check
+	- botan <unfixed>
+	NOTE: https://github.com/randombit/botan/security/advisories/GHSA-5gg9-hqpr-r58j
+	NOTE: https://github.com/randombit/botan/pull/4034
+	NOTE: https://github.com/randombit/botan/pull/4045
+	NOTE: https://github.com/randombit/botan/pull/4047
+	NOTE: https://github.com/randombit/botan/pull/4052
+	NOTE: https://github.com/randombit/botan/pull/4186
+	NOTE: https://github.com/randombit/botan/pull/4187
+	NOTE: https://github.com/randombit/botan/commit/21dccc8fef18c165ba3301d850ac61521f85637e
+	NOTE: https://github.com/randombit/botan/commit/39535f13c322f56aa3da2f44b2b6abb8619a82ac
+	NOTE: https://github.com/randombit/botan/commit/477822a2d10f02d8ba46c9d8a5132f25843f5cc1
+	NOTE: https://github.com/randombit/botan/commit/7606d70d3a2ac7114476ec2651ca0243c4536fdf
+	NOTE: https://github.com/randombit/botan/commit/c3264821b9f6286ee4e6e3e06826f6b7177e6d41
+	NOTE: https://github.com/randombit/botan/commit/ff704b12e6fa351aaedd07bffdc91722e84586b8
 CVE-2024-31504 (Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodb ...)
 	NOT-FOR-US: SILA Embedded Solutions GmbH freemodbus
 CVE-2024-27903 (OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be lo ...)
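Review bot: The twelve bare NOTE URLs after the GHSA-5gg9-hqpr-r58j advisory line in the CVE-2024-34702 entry do not say which pull requests and commits are the actual fix, which are follow-ups, or how the six pull requests map to the six commits. Annotating them (for example "NOTE: Fixed by: <commit URL> (<upstream version>)") would let someone backporting to a stable release see the minimal patch set, and would record the upstream release at which `- botan <unfixed>` can be replaced by a fixed version. As written, the entry marks botan unfixed with no indication of the version a fix is expected in.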



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bf76870ec51b06118d52984a3e803246c02e8b3
