[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-6716 as unimportant

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 24 06:48:39 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64351972 by Salvatore Bonaccorso at 2024-07-24T07:46:55+02:00
Mark CVE-2024-6716 as unimportant

Risk of OOM documented and following recommendations mitigate the
problems. So treat this as unimportant for now. Do not mark it as fixed
with the manpage update (which might be discussed to do, as this will be
the version including the recommendations in an official documentation).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2003,10 +2003,11 @@ CVE-2023-52885 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2024-6465 (The WP Links Page plugin for WordPress is vulnerable to unauthorized m ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6716 (A flaw was found in the libtiff library. An out-of-memory issue in the ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2297636
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/620
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/553
+	NOTE: Negligible security impact if following documentation/recommendations
 CVE-2024-6574 (The Laposta plugin for WordPress is vulnerable to Full Path Disclosure ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6070 (The If-So Dynamic Content Personalization WordPress plugin before 1.8. ...)
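
Review bot: The added NOTE under CVE-2024-6716 says "if following documentation/recommendations" but does not say which documentation or where the recommendations live, so a reader of data/CVE/list alone cannot tell what has to be followed for the impact to be negligible. Consider naming the document in the NOTE (the commit message refers to a manpage update) or stating which of the upstream links already listed carries the recommendations. The commit message also records a decision not to mark the entry as fixed with that manpage update; a short NOTE to that effect would keep the reasoning next to the "<unfixed> (unimportant)" line, where a later editor will look for it.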



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64351972f9a5938524c44201794a90802e489d9e
