Samuel Henrique pushed to branch master at Debian Security Tracker / security-tracker
Commits: f9b9b056 by Andrea Pappacoda at 2022-07-24T17:03:49+02:00 Mark CVE-2020-36477/mbedtls as not-affected for buster and bullseye Buster and Bullseye both ship the 2.16 LTS branch of mbedtls, and as [mentioned by upstream][1] "the bug was introduced in 2.18.0, so it's not present in the [2.16] LTS branch". Thanks to Utkarsh and Samuel for the help! [1]: https://github.com/Mbed-TLS/mbedtls/pull/3554 - - - - - 035e6a98 by Samuel Henrique at 2022-07-24T15:47:19+00:00 Merge branch 'CVE-2020-36477-stable' into 'master' Mark CVE-2020-36477/mbedtls as not-affected for buster and bullseye See merge request security-tracker-team/security-tracker!112 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -64168,6 +64168,8 @@ CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2. CVE-2020-36477 (An issue was discovered in Mbed TLS before 2.24.0. The verification of ...) [experimental] - mbedtls 2.28.0-0.1 - mbedtls 2.28.0-0.3 + [bullseye] - mbedtls <not-affected> (2.16 not affected) + [buster] - mbedtls <not-affected> (2.16 not affected) [stretch] - mbedtls <not-affected> (2.4 not affected) NOTE: https://github.com/ARMmbed/mbedtls/issues/3498 NOTE: https://github.com/ARMmbed/mbedtls/commit/f3e4bd8632b71dc491e52e6df87dc3e409d2b869 (development) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7678f6ec64c6cd46dd5e0ad73d98bb7b9bdfed4f...035e6a98e9d9826afc810f824da17658747067b9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7678f6ec64c6cd46dd5e0ad73d98bb7b9bdfed4f...035e6a98e9d9826afc810f824da17658747067b9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
