Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: db7ea938 by Sylvain Beucler at 2025-05-19T23:00:26+02:00 CVE-2024-6501/network-manager: bullseye not-affected + introductory patch + drop from dla-needed.txt Introductory patch referenced in merged commit: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/c2cddd3241349c0d5612d7603261c182fbc6d7c3 nm_lldp_neighbor_parse() not present in bullseye. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -93720,10 +93720,11 @@ CVE-2024-33862 (A buffer-management vulnerability in OPC Foundation OPCFoundatio CVE-2024-6501 (A flaw was found in NetworkManager. When a system running NetworkManag ...) - network-manager 1.49.90-2 (bug #1076294) [bookworm] - network-manager 1.42.4-1+deb12u1 - [bullseye] - network-manager <no-dsa> (Minor issue) + [bullseye] - network-manager <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295734 NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1550 NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2007 + NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/630de288d2e4e01d9ed89218722c0f52b2173128 (1.41.4-dev) NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/79c1f8c93ad620d02f61ffa49dd3df04fca48069 (1.49.5-dev) CVE-2023-39329 (A flaw was found in OpenJPEG. A resource exhaustion can occur in the o ...) - openjpeg2 <unfixed> (bug #1081910) ===================================== data/dla-needed.txt ===================================== @@ -261,10 +261,6 @@ nagvis net-tools (Adrian Bunk) NOTE: 20250515: Added by Front-Desk (apo) -- -network-manager - NOTE: 20250519: Added by Front-Desk (Beuc) - NOTE: 20250519: Follow fixes from bookworm 12.11 (CVE-2024-6501) (Beuc/front-desk) --- nginx NOTE: 20250207: Added by Front-Desk (apo) NOTE: 20250327: The fix for CVE-2020-36309 still needs testing (andrewsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db7ea938bba66ef1f9d30f8d96134a734057d1cc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db7ea938bba66ef1f9d30f8d96134a734057d1cc You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
