suse-ru-2022:2355-1
Vulnerability from csaf_suse
Published
2022-07-11 10:44
Modified
2022-07-11 10:44
Summary
Recommended update for python-cryptography
Notes
Title of the patch
Recommended update for python-cryptography
Description of the patch
This update for python-cryptography fixes the following issues:
python-cryptography was updated to 3.3.2.
update to 3.3.0:
* BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
to 1024-bit (8 byte to 128 byte) initialization vectors. This
change is to conform with an upcoming OpenSSL release that will
no longer support sizes outside this window.
* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
now raise ValueError rather than UnsupportedAlgorithm when an
unsupported cipher is used. This change is to conform with an
upcoming OpenSSL release that will no longer distinguish
between error types.
* BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
field Diffie-Hellman parameters of less than 512 bits in
length. This change is to conform with an upcoming OpenSSL
release that no longer supports smaller sizes. These keys were
already wildly insecure and should not have been used in any
application outside of testing.
* Added the recover_data_from_signature() function to
RSAPublicKey for recovering the signed data from an RSA
signature.
Update to 3.2.1:
Disable blinding on RSA public keys to address an error with
some versions of OpenSSL.
update to 3.2 (bsc#1178168, CVE-2020-25659):
* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
by our API, we cannot completely mitigate this vulnerability.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
update to 3.1:
* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
:term:`U-label` parsing in various X.509 classes. This support was originally
deprecated in version 2.1 and moved to an extra in 2.5.
* ``backend`` arguments to functions are no longer required and the
default backend will automatically be selected if no ``backend`` is provided.
* Added initial support for parsing certificates from PKCS7 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
and
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
.
* Calling ``update`` or ``update_into`` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
also resolves the same issue in :doc:`/fernet`.
update to 3.0:
* RSA generate_private_key() no longer accepts public_exponent values except
65537 and 3 (the latter for legacy purposes).
* X.509 certificate parsing now enforces that the version field contains
a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().
Update to 2.9:
* BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
* Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
* BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
* Added support for parsing single_extensions in an OCSP response.
* NameAttribute values can now be empty strings.
Patchnames
SUSE-2022-2355,SUSE-SLE-Module-Basesystem-15-SP4-2022-2355,openSUSE-SLE-15.4-2022-2355
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for python-cryptography",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for python-cryptography fixes the following issues:\n\npython-cryptography was updated to 3.3.2.\n\nupdate to 3.3.0:\n\n* BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit\n to 1024-bit (8 byte to 128 byte) initialization vectors. This\n change is to conform with an upcoming OpenSSL release that will\n no longer support sizes outside this window.\n* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we\n now raise ValueError rather than UnsupportedAlgorithm when an\n unsupported cipher is used. This change is to conform with an\n upcoming OpenSSL release that will no longer distinguish\n between error types.\n* BACKWARDS INCOMPATIBLE: We no longer allow loading of finite\n field Diffie-Hellman parameters of less than 512 bits in\n length. This change is to conform with an upcoming OpenSSL\n release that no longer supports smaller sizes. These keys were\n already wildly insecure and should not have been used in any\n application outside of testing.\n* Added the recover_data_from_signature() function to\n RSAPublicKey for recovering the signed data from an RSA\n signature. \n\nUpdate to 3.2.1:\n\nDisable blinding on RSA public keys to address an error with\nsome versions of OpenSSL.\n\nupdate to 3.2 (bsc#1178168, CVE-2020-25659):\n\n* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,\n to protect against Bleichenbacher vulnerabilities. Due to limitations imposed\n by our API, we cannot completely mitigate this vulnerability.\n* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.\n\nupdate to 3.1:\n\n* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based\n :term:`U-label` parsing in various X.509 classes. This support was originally\n deprecated in version 2.1 and moved to an extra in 2.5.\n* ``backend`` arguments to functions are no longer required and the\n default backend will automatically be selected if no ``backend`` is provided.\n* Added initial support for parsing certificates from PKCS7 files with\n :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`\n and\n :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`\n .\n* Calling ``update`` or ``update_into`` on\n :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``\n longer than 2\\ :sup:`31` bytes no longer raises an ``OverflowError``. This\n also resolves the same issue in :doc:`/fernet`.\n\nupdate to 3.0:\n\n* RSA generate_private_key() no longer accepts public_exponent values except\n 65537 and 3 (the latter for legacy purposes).\n* X.509 certificate parsing now enforces that the version field contains\n a valid value, rather than deferring this check until version is accessed.\n* Deprecated support for Python 2\n* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa\n private keys: load_ssh_private_key() for loading and OpenSSH for writing.\n* Added support for OpenSSH certificates to load_ssh_public_key().\n* Added encrypt_at_time() and decrypt_at_time() to Fernet.\n* Added support for the SubjectInformationAccess X.509 extension.\n* Added support for parsing SignedCertificateTimestamps in OCSP responses.\n* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().\n* Added support for encoding attributes in certificate signing requests via add_attribute().\n* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL\u2019s built-in CSPRNG\n instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.\n* Added initial support for creating PKCS12 files with serialize_key_and_certificates().\n\nUpdate to 2.9:\n\n* BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to\n low usage and maintenance burden.\n* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.\n Users on older version of OpenSSL will need to upgrade.\n* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.\n* Removed support for calling public_bytes() with no arguments, as per \n our deprecation policy. You must now pass encoding and format.\n* BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()\n returns the RDNs as required by RFC 4514.\n* Added support for parsing single_extensions in an OCSP response.\n* NameAttribute values can now be empty strings.\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2355,SUSE-SLE-Module-Basesystem-15-SP4-2022-2355,openSUSE-SLE-15.4-2022-2355",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2022_2355-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2022:2355-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20222355-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2022:2355-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2022-July/023858.html"
},
{
"category": "self",
"summary": "SUSE Bug 1198331",
"url": "https://bugzilla.suse.com/1198331"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25659 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25659/"
}
],
"title": "Recommended update for python-cryptography",
"tracking": {
"current_release_date": "2022-07-11T10:44:27Z",
"generator": {
"date": "2022-07-11T10:44:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2022:2355-1",
"initial_release_date": "2022-07-11T10:44:27Z",
"revision_history": [
{
"date": "2022-07-11T10:44:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"product": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"product_id": "python3-cryptography-3.3.2-150400.16.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-3.3.2-150400.16.3.1.i586",
"product": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.i586",
"product_id": "python3-cryptography-3.3.2-150400.16.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-vectors-3.3.2-150400.7.3.1.noarch",
"product": {
"name": "python3-cryptography-vectors-3.3.2-150400.7.3.1.noarch",
"product_id": "python3-cryptography-vectors-3.3.2-150400.7.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"product": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"product_id": "python3-cryptography-3.3.2-150400.16.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-3.3.2-150400.16.3.1.s390x",
"product": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.s390x",
"product_id": "python3-cryptography-3.3.2-150400.16.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"product": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"product_id": "python3-cryptography-3.3.2-150400.16.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.aarch64"
},
"product_reference": "python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.ppc64le"
},
"product_reference": "python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.s390x"
},
"product_reference": "python3-cryptography-3.3.2-150400.16.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.x86_64"
},
"product_reference": "python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.aarch64"
},
"product_reference": "python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.ppc64le"
},
"product_reference": "python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.s390x"
},
"product_reference": "python3-cryptography-3.3.2-150400.16.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-3.3.2-150400.16.3.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.x86_64"
},
"product_reference": "python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-vectors-3.3.2-150400.7.3.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:python3-cryptography-vectors-3.3.2-150400.7.3.1.noarch"
},
"product_reference": "python3-cryptography-vectors-3.3.2-150400.7.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25659"
}
],
"notes": [
{
"category": "general",
"text": "python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.s390x",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"openSUSE Leap 15.4:python3-cryptography-vectors-3.3.2-150400.7.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25659",
"url": "https://www.suse.com/security/cve/CVE-2020-25659"
},
{
"category": "external",
"summary": "SUSE Bug 1178168 for CVE-2020-25659",
"url": "https://bugzilla.suse.com/1178168"
},
{
"category": "external",
"summary": "SUSE Bug 1183152 for CVE-2020-25659",
"url": "https://bugzilla.suse.com/1183152"
},
{
"category": "external",
"summary": "SUSE Bug 1218043 for CVE-2020-25659",
"url": "https://bugzilla.suse.com/1218043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.s390x",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"openSUSE Leap 15.4:python3-cryptography-vectors-3.3.2-150400.7.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.aarch64",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.ppc64le",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.s390x",
"openSUSE Leap 15.4:python3-cryptography-3.3.2-150400.16.3.1.x86_64",
"openSUSE Leap 15.4:python3-cryptography-vectors-3.3.2-150400.7.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-11T10:44:27Z",
"details": "moderate"
}
],
"title": "CVE-2020-25659"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…