[Git][security-tracker-team/security-tracker][master] new pymatgen issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc367315 by Moritz Muehlenhoff at 2024-02-23T11:33:21+01:00
new pymatgen issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -373,7 +373,9 @@ CVE-2024-24476 (A buffer overflow in Wireshark before 4.2.0 allows a remote atta
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19344
 	NOTE: https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78
 CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an open-source Python library  ...)
-	TODO: check
+	- pymatgen <unfixed>
+	NOTE: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
+	NOTE: https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a
 CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.)
 	NOT-FOR-US: HackMD CodiMD
 CVE-2024-22473 (TRNG is used before initialization by ECDSA signing driver when exitin ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc367315758a1bf93c606921eab7957cb1aef23b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc367315758a1bf93c606921eab7957cb1aef23b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240223/a609ae1a/attachment.htm>