[Git][security-tracker-team/security-tracker][master] Update CVE-2024-27454 after python-orjson entering unstable

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
419a7431 by Salvatore Bonaccorso at 2024-07-26T22:19:55+02:00
Update CVE-2024-27454 after python-orjson entering unstable

Issue was not fixed with the initial upload, so add some additional
references to fill the respective bug.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47008,7 +47008,9 @@ CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions
 CVE-2024-27455 (In the Bentley ALIM Web application, certain configuration settings ca ...)
 	NOT-FOR-US: Bentley
 CVE-2024-27454 (orjson.loads in orjson before 3.9.15 does not limit recursion for deep ...)
-	- python-orjson <unfixed> (bug #1002996)
+	- python-orjson <unfixed>
+	NOTE: https://github.com/ijl/orjson/issues/458
+	NOTE: Fixed by: https://github.com/ijl/orjson/commit/b0e4d2c06ce06c6e63981bf0276e4b7c74e5845e (3.9.15)
 CVE-2024-27447 (pretix before 2024.1.1 mishandles file validation.)
 	NOT-FOR-US: pretix
 CVE-2024-27444 (langchain_experimental (aka LangChain Experimental) in LangChain befor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/419a74313b75021ec884d9031824e08cacd2bb16

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/419a74313b75021ec884d9031824e08cacd2bb16
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240726/4b2250a8/attachment.htm>