Activity log for bug #2002277

| Date | Who | What changed | Old value | New value | Message |
|---|---|---|---|---|---|
| 2023-01-09 05:11:04 | Yue Tao | bug | | | added bug |
| 2023-01-09 05:11:13 | Yue Tao | information type | Public | Public Security | |
| 2023-01-09 05:11:16 | Yue Tao | starlingx: importance | Undecided | Critical | |
| 2023-01-09 05:11:20 | Yue Tao | starlingx: status | New | Triaged | |
| 2023-01-09 05:11:27 | Yue Tao | starlingx: assignee | | Zhixiong Chi (zhixiongchi) | |
| 2023-01-09 05:11:41 | Yue Tao | cve linked | | 2022-47629 | |
| 2023-01-09 05:11:54 | Yue Tao | tags | | stx.8.0 stx.security | |
| 2023-01-09 08:09:05 | Zhixiong Chi | starlingx: status | Triaged | In Progress | |
| 2023-01-12 15:12:13 | OpenStack Infra | starlingx: status | In Progress | Fix Released | |
| 2023-02-02 01:40:19 | Yue Tao | summary | [Debian] CVE: CVE-2022-47629: libksba : integer overflow vulnerability. | [Debian] CVE: CVE-2022-47629/CVE-2022-3515: libksba : integer overflow vulnerability. | |
| 2023-02-02 01:40:38 | Yue Tao | description | CVE-2022-47629: https://nvd.nist.gov/vuln/detail/CVE-2022-47629 Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Score: cve_id status cvss3Score av ac pr ui ai CVE-2022-47629 fixed 9.8 N L N N H References: https://security-tracker.debian.org/tracker/CVE-2022-47629 ['libksba8_1.5.0-3_amd64.deb===>libksba8_1.5.0-3+deb11u2_amd64.deb'] Found during December 2022 CVE scan using vulscan | CVE-2022-47629: https://nvd.nist.gov/vuln/detail/CVE-2022-47629 CVE-2022-3515: https://nvd.nist.gov/vuln/detail/CVE-2022-3515 Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Score: cve_id status cvss3Score av ac pr ui ai CVE-2022-47629 fixed 9.8 N L N N H CVE-2022-3515 fixed 9.8 N L N N H References: https://security-tracker.debian.org/tracker/CVE-2022-47629 https://security-tracker.debian.org/tracker/CVE-2022-3515 ['libksba8_1.5.0-3_amd64.deb===>libksba8_1.5.0-3+deb11u2_amd64.deb'] Found during December 2022 CVE scan using vulscan | |
| 2023-02-02 01:40:53 | Yue Tao | cve linked | | 2022-3515 | |