Open SanderGit opened 5 months ago
Describe the bug Workrave ships vulnerable OpenSSL files: libssl-3-x64.dll and libcrypto-3-x64.dll
These files are associated with CVE-2024-2027, CVE-2024-2511, CVE-2023-5678 and CVE-2023-6237.
To Reproduce Install Workrave 1.11-b12
** Windows (please complete the following information in case you encountered the bug on Windows):
Additional context Microsoft Defender indentifies the vulnerabilities on systems where Workrave is installed.
This is on Fedora Linux 40, self-compiled workrave with default configuration:
ldd /opt/workrave/bin/workrave | grep -i -E 'ssl|crypto'
No such library.
Describe the bug Workrave ships vulnerable OpenSSL files: libssl-3-x64.dll and libcrypto-3-x64.dll
These files are associated with CVE-2024-2027, CVE-2024-2511, CVE-2023-5678 and CVE-2023-6237.
To Reproduce Install Workrave 1.11-b12
** Windows (please complete the following information in case you encountered the bug on Windows):
Additional context Microsoft Defender indentifies the vulnerabilities on systems where Workrave is installed.