[Git][security-tracker-team/security-tracker][master] Add CVE-2024-39689/python-certifi

Fri Jul 5 21:55:38 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1349de74 by Salvatore Bonaccorso at 2024-07-05T22:54:58+02:00
Add CVE-2024-39689/python-certifi

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,7 +22,9 @@ CVE-2024-39696 (Evmos is a decentralized Ethereum Virtual Machine chain on the C
 CVE-2024-39691 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...)
 	TODO: check
 CVE-2024-39689 (Certifi is a curated collection of Root Certificates for validating th ...)
-	TODO: check
+	- python-certifi <unfixed> (unimportant)
+	NOTE: https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
+	NOTE: Debian's python-certifi is patched to return the location of Debian-provided CA certificates
 CVE-2024-39687 (Fedify is a TypeScript library for building federated server apps powe ...)
 	TODO: check
 CVE-2024-39321 (Traefik is an HTTP reverse proxy and load balancer. Versions prior to  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1349de74992a542b98cfbbee937077e4e4849530

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1349de74992a542b98cfbbee937077e4e4849530
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240705/dd79a8d6/attachment.htm>
