Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b3ea2d11 by Sylvain Beucler at 2023-06-08T18:18:49+02:00
Reserve DLA-3449-1 for openssl
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -23912,14 +23912,12 @@ CVE-2023-0467 (The WP Dark Mode WordPress plugin
before 4.0.8 does not properly
CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to
implicit ...)
{DSA-5417-1}
- openssl 3.0.9-1 (bug #1034720)
- [buster] - openssl <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20230328.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908
(openssl-3.0)
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
(OpenSSL_1_1_1-stable)
CVE-2023-0465 (Applications that use a non-default option when verifying
certificates ...)
{DSA-5417-1}
- openssl 3.0.9-1 (bug #1034720)
- [buster] - openssl <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20230328.txt
NOTE: Fixed by:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
(openssl-3.0.9)
NOTE: Test:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d2f0d05807fc70c68dcc22bcc6979147782d4adf
(openssl-3.0.9)
@@ -23930,7 +23928,6 @@ CVE-2023-0465 (Applications that use a non-default
option when verifying certifi
CVE-2023-0464 (A security vulnerability has been identified in all supported
versions ...)
{DSA-5417-1}
- openssl 3.0.9-1 (bug #1034720)
- [buster] - openssl <no-dsa> (Minor issue)
NOTE: https://www.openssl.org/news/secadv/20230322.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
(openssl-3.0)
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
(OpenSSL_1_1_1-stable)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Jun 2023] DLA-3449-1 openssl - security update
+ {CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-2650}
+ [buster] - openssl 1.1.1n-0+deb10u5
[08 Jun 2023] DLA-3448-1 firefox-esr - security update
{CVE-2023-34414 CVE-2023-34416}
[buster] - firefox-esr 102.12.0esr-1~deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -106,10 +106,6 @@ openjdk-11 (Emilio)
NOTE: 20230419: Added by Front-Desk (ola)
NOTE: 20230522: waiting for sid/bullseye update (pochu)
--
-openssl (Sylvain Beucler)
- NOTE: 20230531: Added by Front-Desk (pochu)
- NOTE: 20230531: also handle no-dsa issues (pochu)
---
owslib (Adrian Bunk)
NOTE: 20230514: Added by Front-Desk (utkarsh)
NOTE: 20230514: also in dsa-needed. (utkarsh)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3ea2d115bf4158042dbc43f70dc1dd38c5009fb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3ea2d115bf4158042dbc43f70dc1dd38c5009fb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
