Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d2c8f4b5 by Moritz Muehlenhoff at 2024-05-29T15:47:45+02:00
one more mbedtls issue n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21462,8 +21462,12 @@ CVE-2024-29434 (An issue in the system image upload
interface of Alldata v0.4.6
CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection
vulnerability ...)
NOT-FOR-US: Alldata
CVE-2024-28836 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When
negotiati ...)
- - mbedtls <undetermined>
- TODO: check, missing details
+ - mbedtls <not-affected> (Vulnerable code not enabled in any build
which supports TLS 1.3)
+ NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8654
+ NOTE:
https://github.com/Mbed-TLS/mbedtls/commit/ad736991bb59211118a29fe115367c24495300c2
(mbedtls-3.6.0)
+ NOTE: Experimental TLS 1.3 support not enabled in 2.x packages, TLS 1.3
is enabled
+ NOTE: in Debian/experimental, but the first upload directly provides
fixes, so mark
+ NOTE: as <not-affected> altogether
CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When
an SSL co ...)
- mbedtls <unfixed>
[bookworm] - mbedtls <no-dsa> (Minor issue)
@@ -39333,10 +39337,12 @@ CVE-2023-52354 (chasquid before 1.13 allows SMTP
smuggling because LF-terminated
[buster] - chasquid <postponed> (Minor issue, request smuggling)
NOTE: https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24
CVE-2023-52353 (An issue was discovered in Mbed TLS through 3.5.1. In
mbedtls_ssl_sess ...)
- - mbedtls <unfixed> (unimportant)
+ - mbedtls <not-affected> (Vulnerable code not enabled in any build
which supports TLS 1.3)
NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8654
NOTE:
https://github.com/Mbed-TLS/mbedtls/commit/ad736991bb59211118a29fe115367c24495300c2
(mbedtls-3.6.0)
- NOTE: Experimental TLS 1.3 support not enabled in 2.x packages
+ NOTE: Experimental TLS 1.3 support not enabled in 2.x packages, TLS 1.3
is enabled
+ NOTE: in Debian/experimental, but the first upload directly provides
fixes, so mark
+ NOTE: as <not-affected> altogether
CVE-2023-47352 (Technicolor TC8715D devices have predictable default WPA2
security pas ...)
NOT-FOR-US: Technicolor
CVE-2017-20189 (In Clojure before 1.9.0, classes can be used to construct a
serialized ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2c8f4b5e8a18ca2370c2d5a01297c15c2084fc5
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2c8f4b5e8a18ca2370c2d5a01297c15c2084fc5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
