Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits: f4cd486e by Guilhem Moulin at 2024-04-03T13:18:32+02:00 Triage CVE-2024-28834/gnutls28 for buster LTS. Deterministic ECDSA/DSA [RFC6979] support was added in 3.6.10 https://lists.gnupg.org/pipermail/gnutls-help/2019-September/004574.html - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -3511,9 +3511,12 @@ CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application crash CVE-2024-28834 (A flaw was found in GnuTLS. The Minerva attack is a cryptographic vuln ...) [experimental] - gnutls28 3.8.4-1 - gnutls28 3.8.4-2 (bug #1067464) + [buster] - gnutls28 <not-affected> (Vulnerable code not present) NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1516 NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2023-12-04 + NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1c4701ffc342259fc5965d5a0de90d87f780e3e5 + NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/merge_requests/1051 (gnutls_3_6_10) CVE-2024-28635 (Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v. ...) NOT-FOR-US: SurveyJS Survey Creator CVE-2024-25294 (An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sens ...) ===================================== data/dla-needed.txt ===================================== 
@@ -87,9 +87,6 @@ frr NOTE: 20240206: Continuing fixing the remaining issues (abhijith) NOTE: 20240301: continue work (abhijith) -- -gnutls28 (guilhem) - NOTE: 20240323: Added by Front-Desk (ta) --- gtkwave NOTE: 20240116: Added by Front-Desk (lamby) NOTE: 20240116: For CVE-2023-32650 etc. (lamby)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4cd486e5e92d36c48f328d1599990c08e0eb8fb
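Review bot: The `[buster] - gnutls28 <not-affected> (Vulnerable code not present)` line in data/CVE/list rests on the upstream version boundary alone; the entry does not record which gnutls28 version buster ships, nor that no Debian patch in buster backported merge request 1051. Suggest extending the "Introduced with" NOTE, or adding a further NOTE, to state the buster version and that it predates gnutls_3_6_10, so the not-affected claim can be checked from the entry itself.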
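Review bot: Removing the `gnutls28 (guilhem)` entry from data/dla-needed.txt assumes CVE-2024-28834 was the only reason the package was queued, but the removed NOTE ("Added by Front-Desk (ta)") names no CVE and the commit message covers only CVE-2024-28834. CVE-2024-28835, which appears in the data/CVE/list hunk header as the neighbouring GnuTLS entry, is not touched by this commit; confirm its buster status is already recorded before dropping the package from the queue, or mention it in the commit message.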
