[Git][security-tracker-team/security-tracker][master] dla: add opencryptoki

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Mon May 5 12:28:02 BST 2025 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
baece56c by Sylvain Beucler at 2025-05-05T13:27:51+02:00
dla: add opencryptoki

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -137381,7 +137381,7 @@ CVE-2023-48127 (An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers t
 CVE-2023-48126 (An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attacke ...)
 	NOT-FOR-US: Luxe Beauty Clinic mini-app on Line
 CVE-2024-0914 (A timing side-channel vulnerability has been discovered in the opencry ...)
-	- opencryptoki 3.23.0+dfsg-0.1
+	- opencryptoki 3.23.0+dfsg-0.1 (bug #1104729)
 	[bookworm] - opencryptoki <no-dsa> (Minor issue)
 	[bullseye] - opencryptoki <no-dsa> (Minor issue)
 	[buster] - opencryptoki <postponed> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -278,6 +278,13 @@ openafs
   NOTE: 20250102: Looking at CVE-2024-10394 (abhijith)
   NOTE: 20250203: https://people.debian.org/~abhijith/upload/openafs_patches/ (abhijith)
 --
+opencryptoki
+  NOTE: 20250505: Added by Front-Desk (Beuc)
+  NOTE: 20250505: For CVE-2024-0914 ("Marvin Attack"),
+  NOTE: 20250505: we probably need to backport a few constant-time pre-requisite commits:
+  NOTE: 20250505: https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
+  NOTE: 20250505: Cf. #1104729 to determine whether fix or ignore this in all dists (Beuc/front-desk)
+--
 openjdk-11 (roberto)
   NOTE: 20250429: Added by Front-Desk (lamby)
   NOTE: 20250429: Suggested to also handle openjdk-17. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baece56ccd14187ad6cb0733a2d4781375a3bdce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baece56ccd14187ad6cb0733a2d4781375a3bdce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250505/67f32e02/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list