[Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2024-25189 commits

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 9 20:20:58 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4524eb3 by Salvatore Bonaccorso at 2024-02-09T21:18:09+01:00
Add upstream tag information for CVE-2024-25189 commits

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -209,8 +209,8 @@ CVE-2024-25190 (l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify
 CVE-2024-25189 (libjwt 1.15.3 uses strcmp (which is not constant time) to verify authe ...)
 	- libjwt <unfixed> (bug #1063534)
 	NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.md
-	NOTE: https://github.com/benmcollins/libjwt/commit/f73bac57c5bece16ac24f1a70022aa34355fc1bf
-	NOTE: https://github.com/benmcollins/libjwt/commit/a5d61ef4f1b383876e0a78534383f38159471fd6
+	NOTE: https://github.com/benmcollins/libjwt/commit/f73bac57c5bece16ac24f1a70022aa34355fc1bf (v1.17.0)
+	NOTE: https://github.com/benmcollins/libjwt/commit/a5d61ef4f1b383876e0a78534383f38159471fd6 (v1.17.0)
 CVE-2024-24886 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-24885 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4524eb31d0497db4a2eb5e9749241aade829ed1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4524eb31d0497db4a2eb5e9749241aade829ed1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240209/5a49132b/attachment.htm>


More information about the debian-security-tracker-commits mailing list