Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8cea774f by Sylvain Beucler at 2024-03-16T13:36:03+01:00 CVE-2024-26540/cimg: buster postponed, reference patch - - - - - 246888dc by Sylvain Beucler at 2024-03-16T13:44:52+01:00 CVE-2024-28849/node-follow-redirects: buster postponed - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -351,7 +351,12 @@ CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via - cimg <unfixed> [bookworm] - cimg <no-dsa> (Minor issue) [bullseye] - cimg <no-dsa> (Minor issue) + [buster] - cimg <postponed> (Minor issue; no rdeps) NOTE: https://github.com/GreycLab/CImg/issues/403 + NOTE: https://github.com/GreycLab/CImg/commit/6a97a5209987e60fcce293ea102a068a88085098 (v.3.3.3) + NOTE: https://github.com/GreycLab/CImg/commit/c214dfee22a3fedcfae48fba7645f7a819cc9385 (v.3.3.3) + NOTE: https://github.com/GreycLab/CImg/commit/ec6a1f2183620a90b4dcf456813e597ade791dc6 (v.3.3.3) + NOTE: https://github.com/GreycLab/CImg/commit/cb9c5518905ea370954a59903ff747650c6edd40 (v.3.3.3) CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...) NOT-FOR-US: Greek Universities Network Open eClass CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...) 
@@ -417,6 +422,7 @@ CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for Node - node-follow-redirects <unfixed> (bug #1066971) [bookworm] - node-follow-redirects <no-dsa> (Minor issue) [bullseye] - node-follow-redirects <no-dsa> (Minor issue) + [buster] - node-follow-redirects <postponed> (Follow-up to CVE-2022-0155) NOTE: https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp NOTE: https://github.com/psf/requests/issues/1885 NOTE: https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b (v1.15.6)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5c76fbe69e1756873c56b82990615c555d15f113...246888dcbdba2fe2cdc324dabfe4f7aa6abfab02
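Review bot: the four added commit NOTE lines under CVE-2024-26540 all carry the same "(v.3.3.3)" annotation, and nothing says which commit is the actual fix and which are follow-ups or prerequisites. Because the added [buster] line marks cimg as postponed, whoever picks the backport up later has to re-derive that from upstream; consider marking the fixing commit with "Fixed by:" or adding a short role after each URL. The "(v.3.3.3)" form also differs from the "(v1.15.6)" style visible further down in this file; unless it is the upstream tag name verbatim, normalise it.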
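Review bot: on the added [buster] line for CVE-2024-28849, the reason "(Follow-up to CVE-2022-0155)" records lineage but not why postponing is acceptable, whereas the bookworm and bullseye lines directly above give "(Minor issue)". State both the severity and the dependency, for example "(Minor issue; follow-up to CVE-2022-0155)", so a reader can tell whether the buster fix is blocked on the CVE-2022-0155 status or is simply low priority.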