[Git][security-tracker-team/security-tracker][master] Add new wolfssl issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aab1b0ef by Salvatore Bonaccorso at 2024-08-28T07:53:02+02:00
Add new wolfssl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,11 +41,18 @@ CVE-2024-6633 (The default credentials for the setup HSQL 
database (HSQLDB) for
 CVE-2024-6632 (A vulnerability exists in FileCatalyst Workflow whereby a field 
access ...)
        NOT-FOR-US: FileCatalyst Workflow
 CVE-2024-5991 (In function MatchDomainName(), input param str is treated as a 
NULL te ...)
-       TODO: check
+       - wolfssl <unfixed>
+       NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
+       NOTE: https://github.com/wolfSSL/wolfssl/pull/7604
 CVE-2024-5814 (A malicious TLS1.2 server can force a TLS1.3 client with 
downgrade cap ...)
-       TODO: check
+       - wolfssl <unfixed>
+       NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
+       NOTE: https://github.com/wolfSSL/wolfssl/pull/7619
+       NOTE: https://tches.iacr.org/index.php/TCHES/article/view/11259
 CVE-2024-5288 (An issue was discovered in wolfSSL before 5.7.0. A safe-error 
attack v ...)
-       TODO: check
+       - wolfssl <unfixed>
+       NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
+       NOTE: https://github.com/wolfSSL/wolfssl/pull/7416
 CVE-2024-4872 (The product does not validate any query towards persistent 
data, resul ...)
        NOT-FOR-US: Hitachi
 CVE-2024-45264 (A cross-site request forgery (CSRF) vulnerability in the admin 
panel i ...)
@@ -77,7 +84,9 @@ CVE-2024-3980 (The product allows user input to control or 
influence paths or fi
 CVE-2024-36068 (An incorrect access control vulnerability in Rubrik CDM 
versions prior ...)
        NOT-FOR-US: Rubrik CDM
 CVE-2024-1544 (Generating the ECDSA nonce k samples a random number r and then 
 trunc ...)
-       TODO: check
+       - wolfssl <unfixed>
+       NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
+       NOTE: https://github.com/wolfSSL/wolfssl/pull/7020
 CVE-2024-8046 (The Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & 
Logo Gr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-7989



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab1b0ef2f4dbbd252986dc35e735558ab4d94ad

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab1b0ef2f4dbbd252986dc35e735558ab4d94ad
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits