| Release | Version |
|---|---|
| bullseye | 0.9.13-3+deb11u2 |
| bookworm | 1.1.11-1 |
| trixie | 1.1.13-2 |
| sid | 1.1.13-2.1 |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2024-25714 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp ... |
| CVE-2022-32096 | vulnerable (no DSA) | fixed | fixed | fixed | Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via ... |
| Bug | Description |
|---|---|
| TEMP-0993866-50C165 | jws alg:none signature verification issue |
| TEMP-0993866-37A39B | jwe cbc tag computation error |
| CVE-2022-38493 | Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA priva ... |