[Git][security-tracker-team/security-tracker][master] new docker.io issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 3 09:12:32 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bdea682a by Moritz Muehlenhoff at 2024-12-03T10:12:05+01:00
new docker.io issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -637,13 +637,19 @@ CVE-2024-36625 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the re
 CVE-2024-36624 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construc ...)
 	NOT-FOR-US: Zulip
 CVE-2024-36623 (moby v25.0.3 has a Race Condition vulnerability in the streamformatter ...)
-	TODO: check
+	- docker.io 26.1.4+dfsg1-9
+	NOTE: https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb (v26.0.0-rc1)
 CVE-2024-36622 (In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnera ...)
 	NOT-FOR-US: RaspAP raspap-webgui
 CVE-2024-36621 (moby v25.0.5 is affected by a Race Condition in builder/builder-next/a ...)
-	TODO: check
+	- docker.io 26.1.4+dfsg1-9
+	NOTE: https://github.com/moby/moby/commit/37545cc644344dcb576cba67eb7b6f51a463d31e (v26.0.0-rc2)
 CVE-2024-36620 (moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via d ...)
-	TODO: check
+	- docker.io 26.1.4+dfsg1-9
+	[bookworm] - docker.io <not-affected> (Vulnerable code not present)
+	[bullseye] - docker.io <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4 (v26.1.0)
+	NOTE: Introduced in https://github.com/moby/moby/commit/2a6ff3c24fd790e5d42d2eabaf6acf06edfe6975 (v25.0.0-beta.1)
 CVE-2024-36619 (FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavco ...)
 	- ffmpeg 7:7.1-3
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4 (n7.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdea682a9ec1b6ce485a4edd9d99102d3420a580

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdea682a9ec1b6ce485a4edd9d99102d3420a580
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241203/77a4bacf/attachment.htm>

More information about the debian-security-tracker-commits mailing list