Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 32682d88 by Salvatore Bonaccorso at 2024-02-08T21:34:37+01:00 Add CVE-2023-3966/openvswitch - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,12 @@ +CVE-2023-3966 [Invalid memory access in Geneve with HW offload] + - openvswitch <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2024/02/08/3 + NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/a468645c6d330943dbe0c8d466e05b9af2d7df0c (v2.11.0) + NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/2cfbcd5247ed0fd941c1ebb9f4adb952b67fe13a (v3.2.2) + NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/91e621bd5abab19954bec09c7d27c59acdf607b1 (v3.1.4) + NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/935cd1d574c6f432a451df8941374ffb36d767d9 (v3.0.6) + NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/b8657dada9641fbd2bd3a3f882e0862448d60910 (v2.17.9) + NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html CVE-2024-25191 (php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authe ...) TODO: check CVE-2024-25190 (l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32682d88f677ab41c302cfc11fdf78039c5fb0b6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32682d88f677ab41c302cfc11fdf78039c5fb0b6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
