Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18d017e4 by Moritz Muehlenhoff at 2023-02-07T17:37:32+01:00
new openssl issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4238,8 +4238,12 @@ CVE-2023-0403 (The Social Warfare plugin for WordPress 
is vulnerable to Cross-Si
        NOT-FOR-US: Social Warfare plugin for WordPress
 CVE-2023-0402 (The Social Warfare plugin for WordPress is vulnerable to 
authorization ...)
        NOT-FOR-US: Social Warfare plugin for WordPress
-CVE-2023-0401
+CVE-2023-0401 [openssl: NULL dereference during PKCS7 data verification]
        RESERVED
+       - openssl <unfixed>
+       [bullseye] - openssl <not-affected> (Only affects 3.x)
+       [buster] - openssl <not-affected> (Only affects 3.x)
+       NOTE: https://www.openssl.org/news/secadv/20230207.txt
 CVE-2023-0400 (The protection bypass vulnerability in DLP for Windows 11.9.x 
is addre ...)
        NOT-FOR-US: DLP for Windows
 CVE-2023-0399
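Review bot: the new CVE-2023-0401 entry records only the advisory URL next to `openssl <unfixed>`; once the fixed upstream release reaches unstable, the `<unfixed>` marker should be replaced with that version so the tracker stops listing sid as affected. The `[bullseye]`/`[buster]` `<not-affected> (Only affects 3.x)` annotations are consistent with the other 3.x-only entries in this commit.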
@@ -5291,8 +5295,10 @@ CVE-2023-0288 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        NOTE: Crash in CLI tool, no security impact
 CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has 
been rate ...)
        NOT-FOR-US: ityouknow favorites-web
-CVE-2023-0286
+CVE-2023-0286 [openssl: X.400 address type confusion in X.509 GeneralName]
        RESERVED
+       - openssl <unfixed>
+       NOTE: https://www.openssl.org/news/secadv/20230207.txt
 CVE-2023-0285
        RESERVED
 CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk 
allows a ...)
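Review bot: unlike CVE-2023-0401 in the previous hunk, CVE-2023-0286 carries no `[bullseye]`/`[buster]` annotations, so both stable suites remain marked as affected; that matches the openssl entry this commit adds to dsa-needed.txt, but a short NOTE stating that the 1.1.1 series shipped there is affected would make the difference from the 3.x-only entries explicit for whoever picks up the DSA.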
@@ -6476,12 +6482,22 @@ CVE-2023-0219
        RESERVED
 CVE-2023-0218
        RESERVED
-CVE-2023-0217
+CVE-2023-0217 [openssl: NULL dereference validating DSA public key]
        RESERVED
-CVE-2023-0216
+       - openssl <unfixed>
+       [bullseye] - openssl <not-affected> (Only affects 3.x)
+       [buster] - openssl <not-affected> (Only affects 3.x)
+       NOTE: https://www.openssl.org/news/secadv/20230207.txt
+CVE-2023-0216 [openssl: Invalid pointer dereference in d2i_PKCS7 functions]
        RESERVED
-CVE-2023-0215
+       - openssl <unfixed>
+       [bullseye] - openssl <not-affected> (Only affects 3.x)
+       [buster] - openssl <not-affected> (Only affects 3.x)
+       NOTE: https://www.openssl.org/news/secadv/20230207.txt
+CVE-2023-0215 [openssl: Use-after-free following BIO_new_NDEF]
        RESERVED
+       - openssl <unfixed>
+       NOTE: https://www.openssl.org/news/secadv/20230207.txt
 CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main 
releases 1 ...)
        NOT-FOR-US: Skyhigh SWG
 CVE-2023-0213
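Review bot: of the three entries added in this hunk, only CVE-2023-0215 (use-after-free following BIO_new_NDEF) lacks the `[bullseye]`/`[buster]` `<not-affected> (Only affects 3.x)` lines, leaving both stable suites tracked as affected; confirm that is deliberate rather than an omission, since CVE-2023-0216 and CVE-2023-0217 directly above it are annotated as 3.x-only.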
@@ -13178,8 +13194,10 @@ CVE-2022-4452
        RESERVED
 CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not 
validate an ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4450
+CVE-2022-4450 [openssl: Double free after calling PEM_read_bio_ex]
        RESERVED
+       - openssl <unfixed>
+       NOTE: https://www.openssl.org/news/secadv/20230207.txt
 CVE-2022-4449 (The Page scroll to id WordPress plugin before 1.7.6 does not 
validate  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4448
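Review bot: CVE-2022-4450 (double free after PEM_read_bio_ex) is left without suite annotations and therefore counts against bullseye and buster; since the package is being queued in dsa-needed.txt in the same commit, adding the Debian bug reference to the `- openssl <unfixed>` line once one exists would let the DSA work be traced from the tracker entry.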
@@ -15193,8 +15211,10 @@ CVE-2022-4306 (The Panda Pods Repeater Field WordPress 
plugin before 1.5.4 does
        NOT-FOR-US: WordPress plugin
 CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks 
author ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4304
+CVE-2022-4304 [openssl: Timing Oracle in RSA Decryption]
        RESERVED
+       - openssl <unfixed>
+       NOTE: https://www.openssl.org/news/secadv/20230207.txt
 CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4 
prioritizes ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes 
user inpu ...)
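Review bot: CVE-2022-4304 is a timing side channel ("Timing Oracle in RSA Decryption") rather than a memory-safety bug like the other entries in this commit, and the entry gives no hint of that beyond the title; a one-line NOTE on its practical impact would help severity triage, as the fix for timing issues often differs in scope from a crash fix.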
@@ -16372,8 +16392,12 @@ CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5 
and 15.4.6 using a branch w
        - gitlab <unfixed>
 CVE-2022-4204
        RESERVED
-CVE-2022-4203
+CVE-2022-4203 [openssl: X.509 Name Constraints Read Buffer Overflow]
        RESERVED
+       - openssl <unfixed>
+       [bullseye] - openssl <not-affected> (Only affects 3.x)
+       [buster] - openssl <not-affected> (Only affects 3.x)
+       NOTE: https://www.openssl.org/news/secadv/20230207.txt
 CVE-2022-4202 (A vulnerability, which was classified as problematic, was found 
in GPA ...)
        - gpac <undetermined>
        TODO: check details
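Review bot: the CVE-2022-4203 entry follows the same 3.x-only pattern as CVE-2023-0401, CVE-2023-0216 and CVE-2023-0217 (`[bullseye]`/`[buster]` `<not-affected> (Only affects 3.x)` plus the advisory NOTE); no issue with the content, but since all seven new openssl entries point at the same advisory URL, a single follow-up that replaces every `openssl <unfixed>` with the fixed version will be needed, and keeping the annotations uniform as done here makes that search-and-replace safe.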


=====================================
data/dsa-needed.txt
=====================================
@@ -43,6 +43,8 @@ php-horde-mime-viewer
 --
 php-horde-turba
 --
+openssl (carnil)
+--
 rails
 --
 ruby-nokogiri
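Review bot: the new `openssl (carnil)` entry is inserted between `php-horde-turba` and `rails`, which breaks the alphabetical order the surrounding entries follow (`openssl` sorts before `php-horde-mime-viewer`); move the two lines `openssl (carnil)` / `--` up so the file stays sorted.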



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18d017e414521e3c8675cd6d96708b235781cb52



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
