[Git][security-tracker-team/security-tracker][master] Track fixed version for some nginx issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 20 23:16:55 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5211958c by Salvatore Bonaccorso at 2024-08-21T00:15:47+02:00
Track fixed version for some nginx issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1790,7 +1790,7 @@ CVE-2023-35123 (Uncaught exception in OpenBMC Firmware for some Intel(R) Server
CVE-2023-34424 (Improper input validation in firmware for some Intel(R) CSME may allow ...)
NOT-FOR-US: Intel
CVE-2024-7347 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
- - nginx <unfixed> (bug #1078971)
+ - nginx 1.26.0-2 (bug #1078971)
[bookworm] - nginx <no-dsa> (Minor issue)
[bullseye] - nginx <no-dsa> (Minor issue)
NOTE: https://github.com/nginx/nginx/commit/88955b1044ef38315b77ad1a509d63631a790a0f (release-1.27.1)
@@ -20890,7 +20890,7 @@ CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel MiContact
CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact Center Busi ...)
NOT-FOR-US: Mitel
CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
- - nginx <unfixed> (unimportant)
+ - nginx 1.26.0-2 (unimportant)
[bookworm] - nginx <not-affected> (Vulnerable code not present)
[bullseye] - nginx <not-affected> (Vulnerable code not present)
[buster] - nginx <not-affected> (Vulnerable code not present)
@@ -20899,21 +20899,21 @@ CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QU
CVE-2024-34715 (Fides is an open-source privacy engineering platform. The Fides webser ...)
NOT-FOR-US: Fides
CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
- - nginx <unfixed> (unimportant)
+ - nginx 1.26.0-2 (unimportant)
[bookworm] - nginx <not-affected> (Vulnerable code not present)
[bullseye] - nginx <not-affected> (Vulnerable code not present)
[buster] - nginx <not-affected> (Vulnerable code not present)
NOTE: https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
NOTE: HTTP3 not enabled in Debian build
CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
- - nginx <unfixed> (unimportant)
+ - nginx 1.26.0-2 (unimportant)
[bookworm] - nginx <not-affected> (Vulnerable code not present)
[bullseye] - nginx <not-affected> (Vulnerable code not present)
[buster] - nginx <not-affected> (Vulnerable code not present)
NOTE: https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
NOTE: HTTP3 not enabled in Debian build
CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
- - nginx <unfixed> (unimportant)
+ - nginx 1.26.0-2 (unimportant)
[bookworm] - nginx <not-affected> (Vulnerable code not present)
[bullseye] - nginx <not-affected> (Vulnerable code not present)
[buster] - nginx <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5211958cc5e457cefa17236b1487e8ae052ce74e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5211958cc5e457cefa17236b1487e8ae052ce74e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240820/4cb75a7c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list