Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4da981b2 by Ola Lundqvist at 2024-03-05T00:08:30+01:00
Concluded that CVE-2024-25768 is a minor issue.

  The issue occurs if a null list buffer is provided but a non-zero length
  of that buffer is provided. In opendmarc itself this will never happen
  because the list buffer is always provided with null value and zero
  length.

  When opendmarc is used as a library it is reasonable to assume that
  providing a null list and non-zero value for such a list is a
  programming error.

  There are no reverse dependencies for libopendmarc-dev in buster.
  If someone builds an application that has such an error it is likely
  going to have other more severe problems. It is still a vulnerability
  but the vulnerability is more in the application calling this function
  than something else.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2653,6 +2653,7 @@ CVE-2024-25770 (libming 0.4.8 contains a memory leak 
vulnerability in /libming/s
        - ming <removed>
 CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference 
vulnerability in / ...)
        - opendmarc <unfixed>
+       [buster] - opendmarc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md
 CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in 
/nanomq/nng/s ...)
        NOT-FOR-US: NanoMQ
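
Review bot: The added `[buster] - opendmarc <no-dsa> (Minor issue)` line records the decision but not the reason for it. The rationale exists only in the commit message: the null list buffer with a non-zero length never occurs inside opendmarc itself, and libopendmarc-dev has no reverse dependencies in buster. Consider adding a short NOTE line under the CVE-2024-25768 entry that summarises this, next to the existing NOTE with the upstream defect report, so anyone reading data/CVE/list can see why the issue was classed as minor without searching the git history. The entry also stays at `opendmarc <unfixed>` with only buster annotated, so it is worth confirming that triage for the other releases is tracked separately.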



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4da981b21fb6ef71f9d3230708c2589372934e34
