update: net-libs/gnutls #1322

Closed
tormath1 opened this issue Jan 17, 2024 · 1 comment · Fixed by flatcar/scripts#1609
Labels: advisory (security advisory), cvss/HIGH (> 7 && < 9 assessed CVSS), security (security concerns)

Comments

@tormath1
Contributor

tormath1 commented Jan 17, 2024

Name: net-libs/gnutls
CVEs: CVE-2024-0567, CVE-2024-0553
CVSSs: 7.5, 7.5
Action Needed: upgrade to >= 3.8.3

Summary:

  • CVE-2024-0567: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures
  • CVE-2024-0553: Fix more timing side-channel inside RSA-PSK key exchange

refmap.gentoo: https://bugs.gentoo.org/922262

tormath1 added the security (security concerns), advisory (security advisory), and cvss/MEDIUM (>= 4 && < 7 assessed CVSS) labels on Jan 17, 2024
dongsupark moved this from 📝 Needs Triage to 🪵 Backlog in Flatcar tactical, release planning, and roadmap on Feb 7, 2024
dongsupark added the cvss/HIGH (> 7 && < 9 assessed CVSS) label and removed the cvss/MEDIUM (>= 4 && < 7 assessed CVSS) label on Feb 7, 2024
@dongsupark
Member

Set to cvss/HIGH.
