[Git][security-tracker-team/security-tracker][master] Add two rapidjson issues: CVE-2024-38517 and CVE-2024-39684

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 11 06:24:25 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41324dd7 by Salvatore Bonaccorso at 2024-07-11T07:23:33+02:00
Add two rapidjson issues: CVE-2024-38517 and CVE-2024-39684

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -491,7 +491,8 @@ CVE-2024-39698 (electron-updater allows for automatic updates for Electron apps.
 CVE-2024-39697 (phonenumber is a library for parsing, formatting and validating intern ...)
 	NOT-FOR-US: Rust crate phonenumber
 CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to an inte ...)
-	TODO: check
+	- rapidjson <unfixed>
+	NOTE: https://github.com/Tencent/rapidjson/issues/2289
 CVE-2024-39675 (A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2024-39571 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -519,7 +520,8 @@ CVE-2024-38970 (vaeThink 1.0.2 is vulnerable to Information Disclosure via the s
 CVE-2024-38867 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
 	NOT-FOR-US: Siemens
 CVE-2024-38517 (Tencent RapidJSON is vulnerable to privilege escalation due to an inte ...)
-	TODO: check
+	- rapidjson <unfixed>
+	NOTE: https://github.com/Tencent/rapidjson/pull/1261
 CVE-2024-38363 (Airbyte is a data integration platform for ELT pipelines. Airbyte conn ...)
 	TODO: check
 CVE-2024-38278 (A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All ver ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41324dd7a9c12b81cde16bd2cc7af5ef9571b0ce

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41324dd7a9c12b81cde16bd2cc7af5ef9571b0ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240711/371f33d3/attachment.htm>

More information about the debian-security-tracker-commits mailing list