Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5fe78fe7 by Salvatore Bonaccorso at 2022-05-03T17:34:55+02:00
Add temporary descriptions and upstream tag information for commits on openssl
issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -962,12 +962,12 @@ CVE-2022-1475 (An integer overflow vulnerability was
found in FFmpeg 5.0.1 and i
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d
(n4.3.4)
CVE-2022-1474
RESERVED
-CVE-2022-1473
+CVE-2022-1473 [Resource leakage when decoding certificates and keys]
RESERVED
[experimental] - openssl <unfixed>
- openssl <not-affected> (Only affects OpenSSL 3.0)
NOTE: https://www.openssl.org/news/secadv/20220503.txt
- NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
(openssl-3.0.3)
CVE-2022-1472
RESERVED
CVE-2022-1471
@@ -1541,12 +1541,12 @@ CVE-2022-1436
RESERVED
CVE-2022-1435
RESERVED
-CVE-2022-1434
+CVE-2022-1434 [Incorrect MAC key used in the RC4-MD5 ciphersuite]
RESERVED
[experimental] - openssl <unfixed>
- openssl <not-affected> (Only affects OpenSSL 3.0)
NOTE: https://www.openssl.org/news/secadv/20220503.txt
- NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b
(openssl-3.0.3)
CVE-2022-1433
RESERVED
CVE-2022-1432
@@ -2638,12 +2638,12 @@ CVE-2022-29158
RESERVED
CVE-2022-1344 (Stored XSS due to no sanitization in the filename in GitHub
repository ...)
NOT-FOR-US: organizr
-CVE-2022-1343
+CVE-2022-1343 [OCSP_basic_verify may incorrectly verify the response signing
certificate]
RESERVED
[experimental] - openssl <unfixed>
- openssl <not-affected> (Only affects OpenSSL 3.0)
NOTE: https://www.openssl.org/news/secadv/20220503.txt
- NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
(openssl-3.0.3)
CVE-2022-1342
RESERVED
CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null
write e ...)
@@ -3090,11 +3090,12 @@ CVE-2022-1294
RESERVED
CVE-2022-1293
RESERVED
-CVE-2022-1292
+CVE-2022-1292 [The c_rehash script allows command injection]
RESERVED
- openssl <unfixed>
NOTE: https://www.openssl.org/news/secadv/20220503.txt
- NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
(openssl-3.0.3)
+ NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
(OpenSSL_1_1_1o)
CVE-2022-29027
RESERVED
CVE-2022-29026
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fe78fe7130537c1fe98cae027628f1a4abcf6d9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fe78fe7130537c1fe98cae027628f1a4abcf6d9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
