[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2010-0928/openssl

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89762586 by Salvatore Bonaccorso at 2024-06-04T23:26:32+02:00
Update notes for CVE-2010-0928/openssl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -650400,8 +650400,9 @@ CVE-2010-XXXX [phpbb 3.0.7 permissions bypass]
 CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex- ...)
 	- openssl <unfixed> (unimportant)
 	NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
-	NOTE: somewhat impractical right now, but the openssl developers are working
-	NOTE: on a fix just in case
+	NOTE: https://github.com/openssl/openssl/discussions/24540
+	NOTE: Fault injection based attacks are not within OpenSSLs threat model according
+	NOTE: to the security policy: https://www.openssl.org/policies/general/security-policy.html
 CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...)
 	- samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953)
 	[lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/897625860eedee9c192c9e2b4667fda79c8bdb96

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/897625860eedee9c192c9e2b4667fda79c8bdb96
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240604/d0c9a486/attachment.htm>