[Git][security-tracker-team/security-tracker][master] Add CVE-2024-36050/nix

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fc2be6c7 by Salvatore Bonaccorso at 2024-05-20T09:04:02+02:00
Add CVE-2024-36050/nix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -448,7 +448,10 @@ CVE-2024-5096 (A vulnerability classified as problematic 
was found in Hipcam Dev
 CVE-2024-5095 (A vulnerability classified as problematic has been found in 
Victor Zsv ...)
        NOT-FOR-US: Victor Zsviot Camera
 CVE-2024-36050 (Nix through 2.22.1 mishandles certain usage of hash caches, 
which make ...)
-       TODO: check
+       - nix <unfixed>
+       NOTE: https://github.com/NixOS/nix/issues/969
+       NOTE: https://github.com/NixOS/ofborg/issues/68#issuecomment-2082789441
+       TODO: check details and verify if same code (and only then) is present 
in guix
 CVE-2024-36048 (QAbstractOAuth in Qt Network Authorization in Qt before 
5.15.17, 6.x b ...)
        TODO: check
 CVE-2024-28064 (Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows 
/responsiveUI/Env ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc2be6c7838206d17a9dabaee7364fa1271d62f2

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc2be6c7838206d17a9dabaee7364fa1271d62f2
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits