[Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug reference for CVE-2024-36611

Sun Dec 1 17:24:53 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fef0b0eb by Salvatore Bonaccorso at 2024-12-01T18:23:34+01:00
Add Debian bug reference for CVE-2024-36611

- - - - -
0869b47a by Salvatore Bonaccorso at 2024-12-01T18:23:36+01:00
Add Debian bug references for two jpeg-xl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -161,7 +161,7 @@ CVE-2024-36612 (Zulip from 8.0 to 8.3 contains a memory leak vulnerability in th
 	NOT-FOR-US: Zulip
 CVE-2024-36611 (In Symfony v7.07, a security vulnerability was identified in the FormL ...)
 	[experimental] - symfony 7.1.0~beta1+dfsg-1
-	- symfony <unfixed>
+	- symfony <unfixed> (bug #1088817)
 	NOTE: https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995 (v7.1.0-BETA1)
 CVE-2024-36610 (A deserialization vulnerability exists in the Stub class of the VarDum ...)
 	- symfony 6.4.4+dfsg-3
@@ -1098,12 +1098,12 @@ CVE-2024-11647 (A vulnerability, which was classified as critical, has been foun
 CVE-2024-11646 (A vulnerability classified as critical was found in 1000 Projects Beau ...)
 	NOT-FOR-US: 1000 Projects Beauty Parlour Management System
 CVE-2024-11498 (There exists a stack buffer overflow in libjxl.A specifically-crafted  ...)
-	- jpeg-xl <unfixed>
+	- jpeg-xl <unfixed> (bug #1088818)
 	[bookworm] - jpeg-xl <no-dsa> (Minor issue)
 	NOTE: https://github.com/libjxl/libjxl/pull/3943
 	NOTE: https://github.com/libjxl/libjxl/commit/bf4781a2eed2eef664790170977d1d3d8347efb9
 CVE-2024-11403 (There exists an out of bounds read/write in LibJXL versions prior to c ...)
-	- jpeg-xl <unfixed>
+	- jpeg-xl <unfixed> (bug #1088818)
 	NOTE: https://github.com/libjxl/libjxl/commit/9cc451b91b74ba470fd72bd48c121e9f33d24c99
 CVE-2024-10710 (The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ba748b96d6357f694108d5f2bd076147f80f414d...0869b47ae573d6c236dd7a34b6a0065c7e28e866

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ba748b96d6357f694108d5f2bd076147f80f414d...0869b47ae573d6c236dd7a34b6a0065c7e28e866
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241201/4b772e75/attachment.htm>
