[Git][security-tracker-team/security-tracker][master] Update information on CVE-2024-2425{8,9}

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 12 20:34:41 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e33eda7 by Salvatore Bonaccorso at 2024-02-12T21:32:38+01:00
Update information on CVE-2024-2425{8,9}

Actual issue was in freeglut and the CVE records now have a reference to
the freeglut repository. Update tracking accordingly (and for now drop
the unimportant severity, but might actually be still correct).
The pull request additionally as well explicitly associates the two CVEs
with freeglut.

Link: https://github.com/freeglut/freeglut/pull/155

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1281,16 +1281,16 @@ CVE-2024-24262 (media-server v1.0.0 was discovered to contain a Use-After-Free (
 	NOT-FOR-US: media-server
 CVE-2024-24260 (media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) v ...)
 	NOT-FOR-US: media-server
-CVE-2024-24259 (mupdf v1.23.9 was discovered to contain a memory leak via the menuEntr ...)
-	- mupdf <unfixed> (unimportant)
-	NOTE: Memory leak in CLI tool, no security impact
+CVE-2024-24259
+	- freeglut <unfixed>
 	NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md
-	TODO: check report upstream
-CVE-2024-24258 (mupdf v1.23.9 was discovered to contain a memory leak via the menuEntr ...)
-	- mupdf <unfixed> (unimportant)
-	NOTE: Memory leak in CLI tool, no security impact
+	NOTE: https://github.com/freeglut/freeglut/pull/155
+	NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
+CVE-2024-24258
+	- freeglut <unfixed>
 	NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md
-	TODO: check report upstream
+	NOTE: https://github.com/freeglut/freeglut/pull/155
+	NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
 CVE-2024-23109 (An improper neutralization of special elements used in an os command ( ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-23108 (An improper neutralization of special elements used in an os command ( ...)
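Review bot: Under both CVE-2024-24259 and CVE-2024-24258 the `(unimportant)` marker and the `TODO: check report upstream` line are removed, and nothing in the new entries records that the severity is still undecided. The commit message says the unimportant rating "might actually be still correct", so a TODO line under each `- freeglut <unfixed>` asking for the severity to be reassessed would keep that open question visible in the data file rather than only in the commit log. The first NOTE in each entry still links to the mupdf_defects report while the `- mupdf` package line is gone, so a short NOTE stating that the issue was reported against mupdf but lies in freeglut would explain why a mupdf report sits under a freeglut entry.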



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e33eda7836ab031c94969e21087c203921ae36d
