[Git][security-tracker-team/security-tracker][master] Track fixed version for openssl issue via unstable

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ea70c914 by Salvatore Bonaccorso at 2023-02-07T22:16:40+01:00
Track fixed version for openssl issue via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4397,7 +4397,7 @@ CVE-2023-0402 (The Social Warfare plugin for WordPress is 
vulnerable to authoriz
        NOT-FOR-US: Social Warfare plugin for WordPress
 CVE-2023-0401 [openssl: NULL dereference during PKCS7 data verification]
        RESERVED
-       - openssl <unfixed>
+       - openssl 3.0.8-1
        [bullseye] - openssl <not-affected> (Only affects 3.x)
        [buster] - openssl <not-affected> (Only affects 3.x)
        NOTE: https://www.openssl.org/news/secadv/20230207.txt
@@ -5455,7 +5455,7 @@ CVE-2023-0287 (A vulnerability was found in ityouknow 
favorites-web. It has been
        NOT-FOR-US: ityouknow favorites-web
 CVE-2023-0286 [openssl: X.400 address type confusion in X.509 GeneralName]
        RESERVED
-       - openssl <unfixed>
+       - openssl 3.0.8-1
        NOTE: https://www.openssl.org/news/secadv/20230207.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658
 (openssl-3.0.8)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
 (OpenSSL_1_1_1t)
@@ -6644,21 +6644,21 @@ CVE-2023-0218
        RESERVED
 CVE-2023-0217 [openssl: NULL dereference validating DSA public key]
        RESERVED
-       - openssl <unfixed>
+       - openssl 3.0.8-1
        [bullseye] - openssl <not-affected> (Only affects 3.x)
        [buster] - openssl <not-affected> (Only affects 3.x)
        NOTE: https://www.openssl.org/news/secadv/20230207.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23985bac83fd50c8e29431009302b5442f985096
 (openssl-3.0.8)
 CVE-2023-0216 [openssl: Invalid pointer dereference in d2i_PKCS7 functions]
        RESERVED
-       - openssl <unfixed>
+       - openssl 3.0.8-1
        [bullseye] - openssl <not-affected> (Only affects 3.x)
        [buster] - openssl <not-affected> (Only affects 3.x)
        NOTE: https://www.openssl.org/news/secadv/20230207.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6
 (openssl-3.0.8)
 CVE-2023-0215 [openssl: Use-after-free following BIO_new_NDEF]
        RESERVED
-       - openssl <unfixed>
+       - openssl 3.0.8-1
        NOTE: https://www.openssl.org/news/secadv/20230207.txt
 CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main 
releases 1 ...)
        NOT-FOR-US: Skyhigh SWG
@@ -13356,7 +13356,7 @@ CVE-2022-4451 (The Social Sharing WordPress plugin 
before 3.3.45 does not valida
        NOT-FOR-US: WordPress plugin
 CVE-2022-4450 [openssl: Double free after calling PEM_read_bio_ex]
        RESERVED
-       - openssl <unfixed>
+       - openssl 3.0.8-1
        NOTE: https://www.openssl.org/news/secadv/20230207.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=63bcf189be73a9cc1264059bed6f57974be74a83
 (openssl-3.0.8)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bbcf509bd046b34cca19c766bbddc31683d0858b
 (OpenSSL_1_1_1t)
@@ -15375,7 +15375,7 @@ CVE-2022-4305 (The Login as User or Customer WordPress 
plugin before 3.3 lacks a
        NOT-FOR-US: WordPress plugin
 CVE-2022-4304 [openssl: Timing Oracle in RSA Decryption]
        RESERVED
-       - openssl <unfixed>
+       - openssl 3.0.8-1
        NOTE: https://www.openssl.org/news/secadv/20230207.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d
 (openssl-3.0.8)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f
 (OpenSSL_1_1_1t)
@@ -16564,7 +16564,7 @@ CVE-2022-4204
        RESERVED
 CVE-2022-4203 [openssl: X.509 Name Constraints Read Buffer Overflow]
        RESERVED
-       - openssl <unfixed>
+       - openssl 3.0.8-1
        [bullseye] - openssl <not-affected> (Only affects 3.x)
        [buster] - openssl <not-affected> (Only affects 3.x)
        NOTE: https://www.openssl.org/news/secadv/20230207.txt



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea70c914150716cbad34ed91519f756b12a28132

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea70c914150716cbad34ed91519f756b12a28132
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits