[Git][security-tracker-team/security-tracker][master] Add three snapd issues fixed in 2.62-1 release
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 25 21:49:57 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
33968fa7 by Salvatore Bonaccorso at 2024-07-25T22:49:16+02:00
Add three snapd issues fixed in 2.62-1 release
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,13 +43,19 @@ CVE-2024-36542 (Insecure permissions in kuma v2.7.0 allows attackers to access s
CVE-2024-36111 (KubePi is a K8s panel. Starting in version 1.6.3 and prior to version ...)
NOT-FOR-US: KubePi
CVE-2024-29069 (In snapd versions prior to 2.62, snapd failed to properly check the de ...)
- TODO: check
+ - snapd 2.62-1
+ NOTE: https://github.com/snapcore/snapd/pull/13682
CVE-2024-29068 (In snapd versions prior to 2.62, snapd failed to properly check the fi ...)
- TODO: check
+ - snapd 2.62-1
+ NOTE: https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 (2.62)
+ NOTE: https://github.com/snapcore/snapd/pull/13682
CVE-2024-28772 (IBM Security Directory Integrator 7.2.0 and IBM Security Verify Direct ...)
NOT-FOR-US: IBM
CVE-2024-1724 (In snapd versions prior to 2.62, when using AppArmor for enforcement o ...)
- TODO: check
+ - snapd 2.62-1
+ NOTE: https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6 (2.62)
+ NOTE: https://github.com/snapcore/snapd/pull/13689
+ NOTE: https://gld.mcphail.uk/posts/explaining-cve-2024-1724/
CVE-2023-7271 (Privilege escalation vulnerability in the NMS module Impact: Successfu ...)
NOT-FOR-US: Huawei
CVE-2024-7091 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33968fa784c927aa10e14eccecedd55f33c99f56
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33968fa784c927aa10e14eccecedd55f33c99f56
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240725/c7343aca/attachment.htm>
More information about the debian-security-tracker-commits
mailing list