[Git][security-tracker-team/security-tracker][master] Add new frr issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 8 19:51:44 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ec36523 by Salvatore Bonaccorso at 2024-04-08T20:50:04+02:00
Add new frr issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,13 +22,22 @@ CVE-2024-3431 (A vulnerability was found in EyouCMS 1.6.5. It has been declared
 CVE-2024-3430 (A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been ...)
 	NOT-FOR-US: QKSMS
 CVE-2024-31951 (In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, ...)
-	TODO: check
+	- frr <unfixed>
+	NOTE: https://github.com/FRRouting/frr/pull/15674/
+	NOTE: Proposed fix: https://github.com/FRRouting/frr/pull/15674/commits/344fb4be2bc27316c74b17003c05ea40be395836
 CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow and dae ...)
-	TODO: check
+	- frr <unfixed>
+	NOTE: https://github.com/FRRouting/frr/pull/15674/
+	NOTE: Proposed fix: https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775
 CVE-2024-31949 (In FRRouting (FRR) through 9.1, an infinite loop can occur when receiv ...)
-	TODO: check
+	- frr <unfixed>
+	NOTE: https://github.com/FRRouting/frr/pull/15640
+	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b
 CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix S ...)
-	TODO: check
+	- frr <unfixed>
+	NOTE: https://github.com/FRRouting/frr/pull/15628
+	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
+	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07
 CVE-2024-31022 (An issue was discovered in CandyCMS version 1.0.0, allows remote attac ...)
 	NOT-FOR-US: CandyCMS
 CVE-2024-30675 (Unauthorized node injection vulnerability in ROS2 Iron Irwini in ROS_V ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ec36523f3acd64c1474527100d8a538f03673a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ec36523f3acd64c1474527100d8a538f03673a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240408/0d1f3827/attachment.htm>

More information about the debian-security-tracker-commits mailing list