Merge ~federicoquattrin/ubuntu-cve-tracker:fixed_CVVE_2023_46233 into ubuntu-cve-tracker:master

Proposed by Federico Quattrin
Status: Merged
Merged at revision: dbbe1e6a247bab9a02a1a1b29d906303f36e78f4
Proposed branch: ~federicoquattrin/ubuntu-cve-tracker:fixed_CVVE_2023_46233
Merge into: ubuntu-cve-tracker:master
Diff against target: 48 lines (+12/-10)
1 file modified
active/CVE-2023-46233 (+12/-10)
Reviewer: Emilia Torino (Status: Approve)
Review via email: mp+465022@code.launchpad.net

Commit message

updated information for CVE-2023-46233

Description of the change

updated information for CVE-2023-46233

Emilia Torino (emitorino) wrote :

LGTM

review: Approve

Preview Diff

1diff --git a/active/CVE-2023-46233 b/active/CVE-2023-46233
2index 095833f..a45b017 100644
3--- a/active/CVE-2023-46233
4+++ b/active/CVE-2023-46233
5@@ -1,9 +1,11 @@
6+PublicDateAtUSN: 2023-10-25 21:15:00 UTC
7 Candidate: CVE-2023-46233
8 PublicDate: 2023-10-25 21:15:00 UTC
9 References:
10 https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf
11 https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a
12 https://www.cve.org/CVERecord?id=CVE-2023-46233
13+ https://ubuntu.com/security/notices/USN-6753-1
14 Description:
15 crypto-js is a JavaScript library of crypto standards. Prior to version
16 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in
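
Review bot: The commit message ("updated information for CVE-2023-46233") does not mention the notice that the new References line points to, https://ubuntu.com/security/notices/USN-6753-1. Naming USN-6753-1 in the message would let the history be searched by notice as well as by CVE. The new PublicDateAtUSN value at the top of the file is identical to PublicDate (2023-10-25 21:15:00 UTC), so the two fields are consistent with each other.
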
17@@ -22,21 +24,21 @@ Mitigation:
18 Bugs:
19 Priority: medium
20 Discovered-by:
21-Assigned-to: federicoquattrin
22+Assigned-to:
23 CVSS:
24 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N [9.1 CRITICAL]
25
26 Patches_cryptojs:
27-upstream_cryptojs: needs-triage
28+upstream_cryptojs: released (4.2.0)
29 trusty_cryptojs: ignored (end of standard support)
30 xenial_cryptojs: ignored (end of standard support)
31-esm-apps/xenial_cryptojs: needs-triage
32+esm-apps/xenial_cryptojs: released (3.1.2+dfsg-2ubuntu0.16.04.1~esm1)
33 bionic_cryptojs: ignored (end of standard support)
34-esm-apps/bionic_cryptojs: needs-triage
35-focal_cryptojs: needs-triage
36-esm-apps/focal_cryptojs: needs-triage
37-jammy_cryptojs: needs-triage
38-esm-apps/jammy_cryptojs: needs-triage
39+esm-apps/bionic_cryptojs: released (3.1.2+dfsg-2ubuntu0.18.04.1~esm1)
40+focal_cryptojs: released (3.1.2+dfsg-2ubuntu0.20.04.1)
41+esm-apps/focal_cryptojs: not-affected (3.1.2+dfsg-2ubuntu0.20.04.1)
42+jammy_cryptojs: needed
43+esm-apps/jammy_cryptojs: released (3.1.2+dfsg-3ubuntu0.22.04.1~esm1)
44 lunar_cryptojs: ignored (end of life, was needs-triage)
45-mantic_cryptojs: needs-triage
46-devel_cryptojs: needs-triage
47+mantic_cryptojs: needed
48+devel_cryptojs: needed
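
Review bot: Assigned-to is cleared in this hunk while jammy_cryptojs, mantic_cryptojs and devel_cryptojs are set to "needed", so the remaining work has no owner recorded. Either keep an assignee until those three entries are resolved, or add a note to the file saying who is expected to pick them up. Also worth confirming the focal pair: "focal_cryptojs: released (3.1.2+dfsg-2ubuntu0.20.04.1)" and "esm-apps/focal_cryptojs: not-affected (3.1.2+dfsg-2ubuntu0.20.04.1)" carry the same version under two different states, whereas the other esm-apps entries in the hunk use "released" with their own ~esm1 versions. If that is intentional, a one-line note in the file would save the next triager from re-checking it. For jammy, the only fixed build listed is under esm-apps while the main entry stays "needed", which is worth stating explicitly for a CVE whose nvd score in the context lines is 9.1 CRITICAL.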
