rcaelers / workrave

Workrave is a program that assists in the recovery and prevention of Repetitive Strain Injury (RSI). The program frequently alerts you to take micro-pauses, rest breaks and restricts you to your daily limit.
https://www.workrave.org
GNU General Public License v3.0

Vulnerabilities in OpenSSL #541

Open SanderGit opened 5 months ago

SanderGit commented 5 months ago

**Describe the bug**
Workrave ships vulnerable OpenSSL files: libssl-3-x64.dll and libcrypto-3-x64.dll

These files are associated with CVE-2024-2027, CVE-2024-2511, CVE-2023-5678 and CVE-2023-6237.

**To Reproduce**
Install Workrave 1.11-b12

**Windows (please complete the following information in case you encountered the bug on Windows):**

**Additional context**
Microsoft Defender identifies the vulnerabilities on systems where Workrave is installed.

patch-work commented 5 months ago

This is on Fedora Linux 40, self-compiled workrave with default configuration:

```sh
ldd /opt/workrave/bin/workrave | grep -i -E 'ssl|crypto'
```

No such library.
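
The `ldd` check above lists only the libraries a binary links against dynamically, while the original report concerns OpenSSL DLLs bundled in the install directory. The following is an added example (not code from this thread or from the Workrave project) that inventories bundled `libssl`/`libcrypto` files under a directory and reads the version banner embedded in them. It assumes the library carries a banner of the form `OpenSSL <version> <day> <Mon> <year>`; the sample files and the version `3.9.9` are constructed.

```python
import re
import sys
import tempfile
from pathlib import Path

# Names from the issue (libssl-3-x64.dll, libcrypto-3-x64.dll) plus the
# usual Linux shared-object names (libssl.so.3, libcrypto.so.3).
LIB_NAME = re.compile(r"^lib(ssl|crypto)[-.\w]*\.(dll|so)(\.[\w.]+)?$", re.I)
# Assumed banner format, e.g. b"OpenSSL 3.9.9 1 Jan 2030" (constructed value).
BANNER = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+[a-z]*(?:-[\w.]+)?)\s+\d{1,2} [A-Z][a-z]{2} \d{4}")


def embedded_version(path):
    """Return the OpenSSL version string embedded in a file, or None."""
    match = BANNER.search(path.read_bytes())
    return match.group(1).decode("ascii") if match else None


def inventory(root):
    """Map every bundled OpenSSL library under root to its embedded version."""
    root = Path(root)
    found = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and LIB_NAME.match(path.name):
            found[path.relative_to(root).as_posix()] = embedded_version(path)
    return found


def make_sample_tree(root):
    """Constructed sample data: fake library files, not real OpenSSL builds."""
    lib = Path(root) / "lib"
    lib.mkdir(parents=True)
    (lib / "libcrypto-3-x64.dll").write_bytes(b"MZ\x00OpenSSL 3.9.9 1 Jan 2030\x00")
    (lib / "libssl-3-x64.dll").write_bytes(b"MZ\x00no banner in this file\x00")
    # Skipped by the name filter: not an OpenSSL library file name.
    (lib / "workrave.exe").write_bytes(b"MZ\x00OpenSSL 3.9.9 1 Jan 2030\x00")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = inventory(sys.argv[1])      # a real install directory
    else:
        with tempfile.TemporaryDirectory() as tmp:
            make_sample_tree(tmp)
            result = inventory(tmp)
    for name, version in result.items():
        print(f"{name}: {version or 'no version banner found'}")
    if not result:
        print("no bundled libssl/libcrypto found")
```

Pass an install directory as the first argument to scan it; the reported version can then be compared against the fixed versions listed in the OpenSSL advisories for the CVEs in question.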