[Git][security-tracker-team/security-tracker][master] CVE-2024-47072

Bastien Roucariès (@rouca) rouca at debian.org
Sat Dec 21 21:14:26 GMT 2024



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef8c384d by Bastien Roucariès at 2024-12-21T21:12:00+00:00
CVE-2024-47072

Add commit fixing the issue.

Found by code review; it is the only commit that raises the InputManipulationException exception as documented in the CVE.

Commit is self-contained.

Note that documentation commit 43e7156241a8cd176390ae853b472393724b55ed tests for this exact exception.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12543,6 +12543,7 @@ CVE-2024-47072 (XStream is a simple library to serialize objects to XML and back
 	[bookworm] - libxstream-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hfq9-hggm-c56q
 	NOTE: https://x-stream.github.io/CVE-2024-47072.html
+	NOTE: Fixed by commit https://github.com/x-stream/xstream/commit/c8a939075f99895d76fe49de69d3570a3c401976 (1.4.21)
 CVE-2024-46961 (The Inshot com.downloader.privatebrowser (aka Video Downloader - XDown ...)
 	NOT-FOR-US: Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application
 CVE-2024-46960 (The ASD com.rocks.video.downloader (aka HD Video Downloader All Format ...)
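Review bot: The added NOTE on the `+` line records c8a939075f99895d76fe49de69d3570a3c401976 as the fix without saying how it was identified. According to the commit message it was picked out by code review as the only commit raising InputManipulationException, which is weaker provenance than the two advisory NOTE lines above it. Consider stating that in the entry, and adding a further NOTE for commit 43e7156241a8cd176390ae853b472393724b55ed, which the commit message says tests for this exact exception, so that anyone revisiting the bookworm `<no-dsa>` entry can check a backport against it.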



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef8c384d07c51139d4ca6e6acd6c433acce886dc
