[Bugs] [Bug 13263] New: [CVE 21] libksba 1.3.5 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13263

          Platform: 2021.1
            Bug ID: 13263
           Summary: [CVE 21] libksba 1.3.5 CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2022-3515, CVE-2022-47629,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package libksba version 1.3.5  
INFO (CVEs are): libksba 1.3.5 cves found
CVE-2022-3515
Desc: A vulnerability was found in the Libksba library due to an integer
overflow within the CRL parser. The vulnerability can be exploited remotely for
code execution on the target system by passing specially crafted data to the
application, for example, a malicious S/MIME attachment.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-3515
Severity: CRITICAL
CVE-2022-47629
Desc: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the
CRL signature parser.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-47629
Severity: CRITICAL

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/5e3240c1/attachment.html>