[Git][security-tracker-team/security-tracker][master] Associate CVE-2024-2653 with php-amphp-http and php-amphp-http-client
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 4 20:32:17 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4fb380d5 by Salvatore Bonaccorso at 2024-04-04T21:30:56+02:00
Associate CVE-2024-2653 with php-amphp-http and php-amphp-http-client
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -341,7 +341,10 @@ CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are eith
CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5 ...)
NOT-FOR-US: Concrete CMS
CVE-2024-2653 (amphp/http will collect CONTINUATION frames in an unbounded buffer and ...)
- NOT-FOR-US: amphp/http
+ - php-amphp-http <itp> (bug #1011337)
+ - php-amphp-http-client <itp> (bug #1011274)
+ NOTE: https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm
+ NOTE: https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4
CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr ERP CRM u ...)
- dolibarr <removed>
CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pa ...)
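Review bot: the four added lines under CVE-2024-2653 give only the two GHSA advisory URLs, with no NOTE recording the upstream fixed version or fix commit for either amphp/http or amphp/http-client. Both entries are still `<itp>` (bugs #1011337 and #1011274), so nothing is in the archive yet. A further NOTE per project that names the fixing release or commit, taken from the respective advisory, would let whoever makes the first upload confirm the packaged version already includes the fix without re-reading both advisories.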
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fb380d559b1d3bac437ff5b097c8eb365e9292d