New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilities in OpenSSL #541

Open

SanderGit opened this issue Apr 17, 2024 · 1 comment

SanderGit commented Apr 17, 2024

Describe the bug
Workrave ships vulnerable OpenSSL files: libssl-3-x64.dll and libcrypto-3-x64.dll

These files are associated with CVE-2024-2027, CVE-2024-2511, CVE-2023-5678 and CVE-2023-6237.

To Reproduce
Install Workrave 1.11-b12

** Windows (please complete the following information in case you encountered the bug on Windows):

Windows Version: 11
Workrave Version 1.11-b12

Additional context
Microsoft Defender indentifies the vulnerabilities on systems where Workrave is installed.

patch-work commented Apr 30, 2024

This is on Fedora Linux 40, self-compiled workrave with default configuration:

ldd /opt/workrave/bin/workrave | grep -i -E 'ssl|crypto'

No such library.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment