[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-264{58,61,62}/krb5: Add fixing commit

Thu Jul 25 16:57:23 BST 2024


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab5df5d7 by Adrian Bunk at 2024-07-25T16:41:36+03:00
CVE-2024-264{58,61,62}/krb5: Add fixing commit

- - - - -
8113fc3f by Adrian Bunk at 2024-07-25T16:53:19+03:00
CVE-2024-26462/krb5 does not affect buster or bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46597,21 +46597,25 @@ CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the comp
 CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
 	- krb5 <unfixed> (bug #1064965)
 	[bookworm] - krb5 <no-dsa> (Minor issue)
-	[bullseye] - krb5 <no-dsa> (Minor issue)
-	[buster] - krb5 <no-dsa> (Minor issue)
+	[bullseye] - krb5 <not-affected> (Vulnerable code introduced later)
+	[buster] - krb5 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
+	NOTE: Introduced by: https://github.com/krb5/krb5/commit/c85894cfb784257a6acb4d77d8c75137d2508f5e (krb5-1.20-beta1)
+	NOTE: Fixed by: https://github.com/krb5/krb5/commit/7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe
 CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
 	- krb5 <unfixed> (bug #1064965)
 	[bookworm] - krb5 <no-dsa> (Minor issue)
 	[bullseye] - krb5 <no-dsa> (Minor issue)
 	[buster] - krb5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md
+	NOTE: Fixed by: https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d
 CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...)
 	- krb5 <unfixed> (bug #1064965)
 	[bookworm] - krb5 <no-dsa> (Minor issue)
 	[bullseye] - krb5 <no-dsa> (Minor issue)
 	[buster] - krb5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
+	NOTE: Fixed by: https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d
 CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...)
 	NOT-FOR-US: Fluent Bit
 CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability in SYSBA ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0b5f97f3f038b013b420863856ccdcb5c2a6825c...8113fc3fb0a6b17b8aefad66779e843df5bd42bf

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0b5f97f3f038b013b420863856ccdcb5c2a6825c...8113fc3fb0a6b17b8aefad66779e843df5bd42bf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240725/ab909f9c/attachment.htm>
