Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
37c6631a by Moritz Muehlenhoff at 2025-05-09T12:39:41+02:00
llama.cpp is in the archive now
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -81059,11 +81059,11 @@ CVE-2024-42481 (Skyport Daemon (skyportd) is the
daemon for the Skyport Panel. B
CVE-2024-42480 (Kamaji is the Hosted Control Plane Manager for Kubernetes. In
versions ...)
NOT-FOR-US: Kamaji
CVE-2024-42479 (llama.cpp provides LLM inference in C/C++. The unsafe `data`
pointer m ...)
- NOT-FOR-US: ggerganov/llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-42478 (llama.cpp provides LLM inference in C/C++. The unsafe `data`
pointer m ...)
- NOT-FOR-US: ggerganov/llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-42477 (llama.cpp provides LLM inference in C/C++. The unsafe `type`
member in ...)
- NOT-FOR-US: ggerganov/llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-42474 (Streamlit is a data oriented application development framework
for pyt ...)
NOT-FOR-US: Streamlit
CVE-2024-42167 (The function "generate_app_certificates" in
controllers/saml2/saml2.js ...)
@@ -85728,7 +85728,7 @@ CVE-2024-41132 (ImageSharp is a 2D graphics API. A
vulnerability discovered in t
CVE-2024-41131 (ImageSharp is a 2D graphics API. An Out-of-bounds Write
vulnerability ...)
NOT-FOR-US: ImageSharp
CVE-2024-41130 (llama.cpp provides LLM inference in C/C++. Prior to b3427,
llama.cpp c ...)
- NOT-FOR-US: llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-41129 (The ops library is a Python framework for developing and
testing Kuber ...)
NOT-FOR-US: operator python module (Pure Python framework for writing
Juju charms)
CVE-2024-40634 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
@@ -113953,7 +113953,7 @@ CVE-2024-32883 (MCUboot is a secure bootloader for
32-bits microcontrollers. MCU
CVE-2024-32881 (Danswer is the AI Assistant connected to company's docs, apps,
and peo ...)
NOT-FOR-US: Danswer
CVE-2024-32878 (Llama.cpp is LLM inference in C/C++. There is a use of
uninitialized h ...)
- NOT-FOR-US: llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-31828 (Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0
allows att ...)
NOT-FOR-US: Lavalite CMS
CVE-2024-31741 (Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a
remote a ...)
@@ -132702,9 +132702,9 @@ CVE-2024-23835 (Suricata is a network Intrusion
Detection System, Intrusion Prev
NOTE:
https://github.com/OISF/suricata/commit/b0d762d2675a2441b74e039d54bfa5b050641f8e
(suricata-7.0.3)
NOTE:
https://github.com/OISF/suricata/commit/61a32360eba3c032de51029a05515ab46690286f
(suricata-7.0.3)
CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- NOT-FOR-US: llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- NOT-FOR-US: llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to
contain a Ser ...)
NOT-FOR-US: Tencent Blueking CMDB
CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2
SSL con ...)
@@ -132714,11 +132714,11 @@ CVE-2024-22201 (Jetty is a Java based web server
and servlet engine. An HTTP/2 S
NOTE: https://github.com/jetty/jetty.project/issues/11256
NOTE: Fixed by:
https://github.com/jetty/jetty.project/commit/86586df0a8a4d9c6b5af9a621ad1adf1b494d39b
(jetty-9.4.54.v20240208)
CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- NOT-FOR-US: llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- NOT-FOR-US: llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
- NOT-FOR-US: llama.cpp
+ - llama.cpp <not-affected> (Fixed before initial upload)
CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <=
2.1.0 coul ...)
NOT-FOR-US: Showdownjs
CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link
to an au ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37c6631a36a60b3a30fb9dbd5d5614f74fd79c84
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37c6631a36a60b3a30fb9dbd5d5614f74fd79c84
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
