Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e33eda7 by Salvatore Bonaccorso at 2024-02-12T21:32:38+01:00
Update information on CVE-2024-2425{8,9}

Actual issue was in freeglut and the CVE records now have a reference to
the freeglut repository. Update tracking accordingly (and for now drop
the unimportant severity, but might actually be still correct).
The pull request additionally as well explicitly associates the two CVEs
with freeglut.

Link: https://github.com/freeglut/freeglut/pull/155

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1281,16 +1281,16 @@ CVE-2024-24262 (media-server v1.0.0 was discovered to 
contain a Use-After-Free (
        NOT-FOR-US: media-server
 CVE-2024-24260 (media-server v1.0.0 was discovered to contain a Use-After-Free 
(UAF) v ...)
        NOT-FOR-US: media-server
-CVE-2024-24259 (mupdf v1.23.9 was discovered to contain a memory leak via the 
menuEntr ...)
-       - mupdf <unfixed> (unimportant)
-       NOTE: Memory leak in CLI tool, no security impact
+CVE-2024-24259
+       - freeglut <unfixed>
        NOTE: 
https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md
-       TODO: check report upstream
-CVE-2024-24258 (mupdf v1.23.9 was discovered to contain a memory leak via the 
menuEntr ...)
-       - mupdf <unfixed> (unimportant)
-       NOTE: Memory leak in CLI tool, no security impact
+       NOTE: https://github.com/freeglut/freeglut/pull/155
+       NOTE: Fixed by: 
https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
+CVE-2024-24258
+       - freeglut <unfixed>
        NOTE: 
https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md
-       TODO: check report upstream
+       NOTE: https://github.com/freeglut/freeglut/pull/155
+       NOTE: Fixed by: 
https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
 CVE-2024-23109 (An improper neutralization of special elements used in an os 
command ( ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-23108 (An improper neutralization of special elements used in an os 
command ( ...)
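
Review bot: In both rewritten entries (CVE-2024-24259 and CVE-2024-24258) the new "- freeglut <unfixed>" line has no severity and the old "NOTE: Memory leak in CLI tool, no security impact" is removed, yet the commit message says the unimportant rating might still be correct. Consider keeping a TODO in each entry to re-evaluate the severity for freeglut, so the open question is recorded in data/CVE/list and not only in the commit log. The removed "TODO: check report upstream" is reasonably covered by the added pull request and "Fixed by" notes. The "- mupdf <unfixed>" line is dropped outright while the mupdf_defects NOTE stays, so a short NOTE saying why mupdf itself no longer needs an entry would make that reference easier to read later.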



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e33eda7836ab031c94969e21087c203921ae36d



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
