New subject: [Bug 2331954] CVE-2024-45337 golang-x-crypto: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [fedora-40]

12 Dec 2024

      https://bugzilla.redhat.com/show_bug.cgi?id=2331954
Bug ID: 2331954
           Summary: CVE-2024-45337 golang-x-crypto: Misuse of
                    ServerConfig.PublicKeyCallback may cause authorization
                    bypass in golang.org/x/crypto [fedora-40]
           Product: Fedora
           Version: 40
            Status: NEW
        Whiteboard: {"flaws": ["d4b62e16-e97d-4967-82ea-268c1341436b"]}
         Component: golang-x-crypto
          Keywords: Security, SecurityTracking
          Severity: high
          Priority: high
          Assignee: mark.e.fuller@gmx.de
          Reporter: ahanwate@redhat.com
        QA Contact: extras-qa@fedoraproject.org
                CC: epel-packagers-sig@lists.fedoraproject.org,
                    go-sig@lists.fedoraproject.org, mark.e.fuller@gmx.de
            Blocks: 2331720
  Target Milestone: ---
    Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2331720
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
-- 
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2331954

Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report...

[Bug 2331954] New: CVE-2024-45337 golang-x-crypto: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [fedora-40]