[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2024-25260/elfutils

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 20 22:03:53 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7095a387 by Salvatore Bonaccorso at 2024-02-20T23:03:34+01:00
Add CVE-2024-25260/elfutils

- - - - -
84a6fa4e by Salvatore Bonaccorso at 2024-02-20T23:03:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,10 @@ CVE-2024-25274 (An arbitrary file upload vulnerability in the component /sysFile
 CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer overflo ...)
 	TODO: check
 CVE-2024-25260 (elfutils v0.189 was discovered to contain a NULL pointer dereference v ...)
-	TODO: check
+	- elfutils <unfixed> (unimportant)
+	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31058
+	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=373f5212677235fc3ca6068b887111554790f944
+	NOTE: Crash in CLI tool, considered only to be a normal bug by upstream
 CVE-2024-25199 (Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node. ...)
 	TODO: check
 CVE-2024-25198 (Inappropriate pointer order of laser_scan_filter_.reset() and tf_liste ...)
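Review bot: The commit NOTE added under CVE-2024-25260 is a bare URL that does not say what role the commit plays, while the package line stays `<unfixed>`. If it is the upstream fix, say so in the NOTE, and name the upstream release that contains it once known, so the `<unfixed>` entry can later be resolved to a version. The last NOTE could also name the affected binary, since "Crash in CLI tool" does not identify which elfutils tool is meant.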
@@ -118,11 +121,11 @@ CVE-2024-21678 (This High severity Stored XSS vulnerability was introduced in ve
 CVE-2024-1661 (A vulnerability classified as problematic was found in Totolink X6000R ...)
 	NOT-FOR-US: Totolink
 CVE-2024-1608 (In OPPO Usercenter Credit SDK, there's a possible escalation of privil ...)
-	TODO: check
+	NOT-FOR-US: OPPO
 CVE-2024-1586 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1570 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1557 (Memory safety bugs present in Firefox 122. Some of these bugs showed e ...)
 	TODO: check
 CVE-2024-1556 (The incorrect object was checked for NULL in the built-in profiler, po ...)
@@ -404,7 +407,7 @@ CVE-2024-1647 (Pyhtml2pdf version 0.0.6 allows an external attacker to remotely
 CVE-2024-1644 (Suite CRM version 7.14.2 allows including local php files. This is pos ...)
 	NOT-FOR-US: Suite CRM
 CVE-2024-1638 (The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GAT ...)
-	TODO: check
+	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2024-1559 (The Link Library plugin for WordPress is vulnerable to Stored Cross-Si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1510 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
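Review bot: In the CVE-2024-1638 line, the parenthetical "(unrelated to src:zephyr)" states that the source package is a different project but not what that package is. A word on what src:zephyr actually ships would let a later reader confirm the NOT-FOR-US decision from the entry itself instead of looking the package up.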



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/699c8f8ecc20f47714b621c52c8ccef0dfc48ad4...84a6fa4e02434f9e444ca0136dd4e116f8041195
