[Git][security-tracker-team/security-tracker][master] Add new frr issues

Mon, 08 Apr 2024 11:51:58 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4ec36523 by Salvatore Bonaccorso at 2024-04-08T20:50:04+02:00
Add new frr issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,13 +22,22 @@ CVE-2024-3431 (A vulnerability was found in EyouCMS 1.6.5. 
It has been declared
 CVE-2024-3430 (A vulnerability was found in QKSMS up to 3.9.4 on Android. It 
has been ...)
        NOT-FOR-US: QKSMS
 CVE-2024-31951 (In the Opaque LSA Extended Link parser in FRRouting (FRR) 
through 9.1, ...)
-       TODO: check
+       - frr <unfixed>
+       NOTE: https://github.com/FRRouting/frr/pull/15674/
+       NOTE: Proposed fix: 
https://github.com/FRRouting/frr/pull/15674/commits/344fb4be2bc27316c74b17003c05ea40be395836
 CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow 
and dae ...)
-       TODO: check
+       - frr <unfixed>
+       NOTE: https://github.com/FRRouting/frr/pull/15674/
+       NOTE: Proposed fix: 
https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775
 CVE-2024-31949 (In FRRouting (FRR) through 9.1, an infinite loop can occur 
when receiv ...)
-       TODO: check
+       - frr <unfixed>
+       NOTE: https://github.com/FRRouting/frr/pull/15640
+       NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b
 CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed 
Prefix S ...)
-       TODO: check
+       - frr <unfixed>
+       NOTE: https://github.com/FRRouting/frr/pull/15628
+       NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
+       NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07
 CVE-2024-31022 (An issue was discovered in CandyCMS version 1.0.0, allows 
remote attac ...)
        NOT-FOR-US: CandyCMS
 CVE-2024-30675 (Unauthorized node injection vulnerability in ROS2 Iron Irwini 
in ROS_V ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ec36523f3acd64c1474527100d8a538f03673a6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ec36523f3acd64c1474527100d8a538f03673a6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to