Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e33eda7 by Salvatore Bonaccorso at 2024-02-12T21:32:38+01:00
Update information on CVE-2024-2425{8,9}

Actual issue was in freeglut and the CVE records now have a reference to the freeglut repository. Update tracking accordingly (and for now drop the unimportant severity, but might actually be still correct). The pull request additionally as well explicitly associates the two CVEs with freeglut.

Link: https://github.com/freeglut/freeglut/pull/155

- - - - -

1 changed file:

- data/CVE/list

Changes:

===================================== data/CVE/list =====================================
@@ -1281,16 +1281,16 @@ CVE-2024-24262 (media-server v1.0.0 was discovered to contain a Use-After-Free ( NOT-FOR-US: media-server CVE-2024-24260 (media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) v ...) NOT-FOR-US: media-server -CVE-2024-24259 (mupdf v1.23.9 was discovered to contain a memory leak via the menuEntr ...) - - mupdf <unfixed> (unimportant) - NOTE: Memory leak in CLI tool, no security impact +CVE-2024-24259 + - freeglut <unfixed> NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md - TODO: check report upstream -CVE-2024-24258 (mupdf v1.23.9 was discovered to contain a memory leak via the menuEntr ...) - - mupdf <unfixed> (unimportant) - NOTE: Memory leak in CLI tool, no security impact + NOTE: https://github.com/freeglut/freeglut/pull/155 + NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57 +CVE-2024-24258 + - freeglut <unfixed> NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md - TODO: check report upstream + NOTE: https://github.com/freeglut/freeglut/pull/155 + NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57 CVE-2024-23109 (An improper neutralization of special elements used in an os command ( ...) NOT-FOR-US: FortiGuard CVE-2024-23108 (An improper neutralization of special elements used in an os command ( ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e33eda7836ab031c94969e21087c203921ae36d
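Review bot: Both new freeglut entries (CVE-2024-24259 and CVE-2024-24258) lose the "(unimportant)" tag and the "Memory leak in CLI tool, no security impact" note, and the "TODO: check report upstream" line is removed as well, so nothing in the entries records that the severity is still an open question. The commit message says the unimportant rating "might actually be still correct"; a NOTE or TODO under each "- freeglut <unfixed>" line saying the severity needs reassessment for freeglut would keep that decision visible to the next person triaging. The entries also carry a "Fixed by:" commit while the package line stays "<unfixed>", so a follow-up should set the fixed version once a freeglut upload includes commit 9ad320c1ad1a25558998ddfe47674511567fec57. The retained NOTE links still point at the mupdf_defects reports, which is fine as the original report, but a short note that the affected code is in freeglut rather than mupdf would avoid confusion when reading the entry without the commit message.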