2 matches found
CLSA-2022-1657814965 Fix CVE(s): CVE-2022-1473, CVE-2022-1292, CVE-2022-2068
SECURITY REGRESSION: Invalid fix for CVE-2022-1473 - debian/patches/CVE-2022-1473.patch: removing unnecessary patch since this version is actually not affected SECURITY UPDATE: crehash script allows command injection - debian/patches/CVE-2022-1292.patch: switch to upstream patch, and apply it...
CLSA-2022-1654011190 Fix CVE(s): CVE-2022-1473, CVE-2022-1292
SECURITY UPDATE: Improper Neutralization - debian/patches/CVE-2022-1292.patch: restrict using shell to invoke openssl due to possible privilege escalation - debian/patches/CVE-2022-1473.patch: fix bug OPENSSLLHflush memory releasing leading to DoS - CVE-2022-1292 - CVE-2022-1473...