[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2024-2312/grub2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 5 21:18:40 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
58fc63bd by Salvatore Bonaccorso at 2024-04-05T22:18:09+02:00
Add CVE-2024-2312/grub2
- - - - -
30951a10 by Salvatore Bonaccorso at 2024-04-05T22:18:12+02:00
Add two c-blosc2 issues (but retain TODO item)
- - - - -
00b46a71 by Salvatore Bonaccorso at 2024-04-05T22:18:14+02:00
Add CVE-2020-25730/zoneminder
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,7 +39,11 @@ CVE-2024-2447 (Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.
CVE-2024-2380 (Stored XSS in graph rendering in Checkmk <2.3.0b4.)
TODO: check
CVE-2024-2312 (GRUB2 does not call the module fini functions on exit, leading to Debi ...)
- TODO: check
+ - grub2 2.12-2
+ [bookworm] - grub2 <not-affected> (Vulnerable code not present)
+ [bullseye] - grub2 <not-affected> (Vulnerable code not present)
+ [buster] - grub2 <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127
CVE-2024-29783 (In tmu_get_tr_thresholds, there is a possible out of bounds read due t ...)
TODO: check
CVE-2024-29782 (In tmu_get_tr_num_thresholds of tmu.c, there is a possible out of boun ...)
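Review bot: The three `<not-affected> (Vulnerable code not present)` lines for bookworm, bullseye and buster under CVE-2024-2312 have no NOTE saying which change introduced the problem, so the claim cannot be checked from the entry itself. The only reference is the Launchpad bug. Consider adding a NOTE that names the introducing version or patch, next to the existing Launchpad NOTE.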
@@ -1244,8 +1248,10 @@ CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and classif
NOTE: https://vuldb.com/?submit.304561
NOTE: https://github.com/yaml/libyaml/issues/289
CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and classified ...)
+ - c-blosc2 <unfixed>
TODO: check
CVE-2024-3203 (A vulnerability, which was classified as critical, was found in c-blos ...)
+ - c-blosc2 <unfixed>
TODO: check
CVE-2024-3202 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: codelyfe Stupid Simple CMS
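Review bot: Both new `- c-blosc2 <unfixed>` lines (CVE-2024-3204 and CVE-2024-3203) sit above a retained `TODO: check` with no NOTE stating what remains to be checked or where the upstream report is. A short NOTE with the upstream reference, as the CVE-2024-3205 entry above has, would tell the next person what the TODO is waiting on.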
@@ -256994,7 +257000,8 @@ CVE-2020-25732
CVE-2020-25731
RESERVED
CVE-2020-25730 (Cross Site Scripting (XSS) vulnerability in ZoneMinder before version ...)
- TODO: check
+ - zoneminder 1.34.21-1
+ NOTE: Fixed by: https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413 (1.34.21)
CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to downloa ...)
- zoneminder 1.34.21-1 (unimportant)
NOTE: https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413
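Review bot: The new `- zoneminder 1.34.21-1` line for CVE-2020-25730 carries no severity tag, while CVE-2020-25729 directly below cites the same commit 9268db14 and the same fixed version but is marked `(unimportant)`. Worth confirming the difference is intended and, if so, recording the reason in a NOTE. The two NOTE lines could also use the same form: one has `Fixed by:` and a version suffix, the other is a bare URL.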
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5467c83017e246ff2f48d84d96a2716fa5727cdb...00b46a7148e0f68c6860ce966d100c5b68251c99