[Git][security-tracker-team/security-tracker][master] CVE-2024-2467/libcrypt-openssl-rsa-perl: buster postponed
Sylvain Beucler (@beuc)
beuc at debian.org
Sat Mar 16 11:52:30 GMT 2024
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72788521 by Sylvain Beucler at 2024-03-16T12:52:06+01:00
CVE-2024-2467/libcrypt-openssl-rsa-perl: buster postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
CVE-2024-2467 [Crypt-OpenSSL-RSA vulnerable to the Marvin Attack]
- libcrypt-openssl-rsa-perl <unfixed> (bug #1066969)
+ [buster] - libcrypt-openssl-rsa-perl <postponed> (Minor issue; side-channel timing attack)
NOTE: https://people.redhat.com/~hkario/marvin/
NOTE: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42
CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...)
@@ -2148,7 +2149,7 @@ CVE-2024-2236 (A timing-based side-channel flaw was found in libgcrypt's RSA imp
- libgcrypt20 <unfixed> (bug #1065683)
[bookworm] - libgcrypt20 <no-dsa> (Minor issue)
[bullseye] - libgcrypt20 <no-dsa> (Minor issue)
- [buster] - libgcrypt20 <no-dsa> (Minor issue)
+ [buster] - libgcrypt20 <postponed> (Minor issue; side-channel timing attack)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2268268
NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
NOTE: https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72788521a0bcb3f302e27bd45b2f6df9a979c20f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72788521a0bcb3f302e27bd45b2f6df9a979c20f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240316/05cca81f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list