[Git][security-tracker-team/security-tracker][master] CVE-2024-47072
Bastien Roucariès (@rouca)
rouca at debian.org
Sat Dec 21 21:14:26 GMT 2024
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef8c384d by Bastien Roucariès at 2024-12-21T21:12:00+00:00
CVE-2024-47072
Add commit fixing the issue.
Found by code review, it is the only commit that raise InputManipulationException exception as documented in CVE
Commit is self contained
Note that documentation commit 43e7156241a8cd176390ae853b472393724b55ed test for this exact exception
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12543,6 +12543,7 @@ CVE-2024-47072 (XStream is a simple library to serialize objects to XML and back
[bookworm] - libxstream-java <no-dsa> (Minor issue)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
NOTE: https://x-stream.github.io/CVE-2024-47072.html
+ NOTE: Fixed by commit https://github.com/x-stream/xstream/commit/c8a939075f99895d76fe49de69d3570a3c401976 (1.4.21)
CVE-2024-46961 (The Inshot com.downloader.privatebrowser (aka Video Downloader - XDown ...)
NOT-FOR-US: Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application
CVE-2024-46960 (The ASD com.rocks.video.downloader (aka HD Video Downloader All Format ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef8c384d07c51139d4ca6e6acd6c433acce886dc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef8c384d07c51139d4ca6e6acd6c433acce886dc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241221/15e6b6e1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list