[Git][security-tracker-team/security-tracker][master] CVE-2024-31031/libcoap: buster not-affected + UB-related commits

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Mon Apr 29 21:40:55 BST 2024 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f4efcf2 by Sylvain Beucler at 2024-04-29T22:40:40+02:00
CVE-2024-31031/libcoap: buster not-affected + UB-related commits

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2455,13 +2455,16 @@ CVE-2024-31040 (Buffer Overflow vulnerability in the get_var_integer function in
 	NOT-FOR-US: NanoMQ
 CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause un ...)
 	- libcoap <removed>
+	[buster] - libcoap <not-affected> (Vulnerable code not present)
 	- libcoap2 <removed>
 	[bullseye] - libcoap2 <no-dsa> (Minor issue)
 	[buster] - libcoap2 <not-affected> (Vulnerable code not present)
 	- libcoap3 <unfixed>
 	[bookworm] - libcoap3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/obgm/libcoap/issues/1351
-	NOTE: https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
+	NOTE: https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928 (develop)
+	NOTE: Introduced by: https://github.com/obgm/libcoap/commit/7033555d2978b8d4d5e16d43cfbfe1b1781c418f (v4.3.0-rc1)
+	NOTE: Introduced by: https://github.com/obgm/libcoap/commit/47a83549a80dad9a83f84cdfaba54c54defb5444 (v4.3.2-rc1)
 CVE-2024-30990 (SQL Injection vulnerability in the "Invoices" page in phpgurukul Clien ...)
 	NOT-FOR-US: phpgurukul Client Management System
 CVE-2024-30989 (Cross Site Scripting vulnerability in /edit-client-details.php of phpg ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f4efcf2a3c006d9a56b2de7b5e9a4a0160e515c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f4efcf2a3c006d9a56b2de7b5e9a4a0160e515c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240429/d574015f/attachment.htm>

More information about the debian-security-tracker-commits mailing list