[Git][security-tracker-team/security-tracker][master] Reserve DLA-4176-1 for openssl

Adrian Bunk (@bunk) bunk at debian.org
Sat May 24 18:32:29 BST 2025 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ee97b69 by Adrian Bunk at 2025-05-24T20:32:15+03:00
Reserve DLA-4176-1 for openssl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -41730,7 +41730,6 @@ CVE-2024-22347 (IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 throu
 CVE-2024-13176 (Issue summary: A timing side-channel which could potentially allow rec ...)
 	- openssl 3.4.1-1 (bug #1094027)
 	[bookworm] - openssl 3.0.16-1~deb12u1
-	[bullseye] - openssl <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://openssl-library.org/news/secadv/20250120.txt
 	NOTE: https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f (openssl-3.4.1)
 	NOTE: https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902 (openssl-3.3.3)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 May 2025] DLA-4176-1 openssl - security update
+	{CVE-2024-13176}
+	[bullseye] - openssl 1.1.1w-0+deb11u3
 [20 May 2025] DLA-4175-1 mongo-c-driver - security update
 	{CVE-2021-32050 CVE-2023-0437 CVE-2024-6381 CVE-2024-6383 CVE-2025-0755}
 	[bullseye] - mongo-c-driver 1.17.6-1+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -320,10 +320,6 @@ opencryptoki
   NOTE: 20250505: https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
   NOTE: 20250505: Cf. #1104729 to determine whether to fix or ignore this in all dists (Beuc/front-desk)
 --
-openssl (Adrian Bunk)
-  NOTE: 20250519: Added by Front-Desk (Beuc)
-  NOTE: 20250519: Follow fixes from bookworm 12.11 (CVE-2024-13176) (Beuc/front-desk)
---
 pagure
   NOTE: 20250117: Added by Front-Desk (rouca)
   NOTE: 20250119: Coordinate with ds (rouca/FD)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ee97b69bbb3ccd7dc9e99f365833c22e90532c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ee97b69bbb3ccd7dc9e99f365833c22e90532c9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250524/efabd28c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list