[Git][security-tracker-team/security-tracker][master] Merge CVE rust-gix-* package entries to those with CVE aliases in RUSTSEC advisory

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jul 28 13:56:51 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a57f6de by Salvatore Bonaccorso at 2024-07-28T14:55:47+02:00
Merge CVE rust-gix-* package entries to those with CVE aliases in RUSTSEC advisory

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,30 +2,6 @@ CVE-2024-XXXX [RUSTSEC-2024-0359]
 	- rust-gix-attributes <unfixed>
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0359.html
 	NOTE: https://github.com/Byron/gitoxide/issues/1460
-CVE-2024-XXXX [RUSTSEC-2024-0355]
-	- rust-gix-path <not-affected> (Windows-specific)
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0355.html
-CVE-2024-XXXX [RUSTSEC-2024-0351]
-	- rust-gix-ref <not-affected> (Windows-specific)
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0351.html
-CVE-2024-XXXX [RUSTSEC-2024-0348]
-	- rust-gix-index <unfixed>
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0348.html
-	NOTE: https://github.com/advisories/GHSA-7w47-3wg8-547c
-CVE-2024-XXXX [RUSTSEC-2024-0352]
-	- rust-gix-index <not-affected> (Windows-specific)
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0352.html
-CVE-2024-XXXX [RUSTSEC-2024-0353]
-	- rust-gix-worktree <not-affected> (Windows-specific)
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0353.html
-CVE-2024-XXXX [RUSTSEC-2024-0349]
-	- rust-gix-worktree <unfixed>
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0349.html
-	NOTE: https://github.com/advisories/GHSA-7w47-3wg8-547c
-CVE-2024-XXXX [RUSTSEC-2024-0350]
-	- rust-gix-fs <unfixed>
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0350.html
-	NOTE: https://github.com/advisories/GHSA-7w47-3wg8-547c
 CVE-2024-7153 (A vulnerability classified as problematic has been found in Netgear WN ...)
 	NOT-FOR-US: Netgear
 CVE-2024-7152 (A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rate ...)
@@ -1373,7 +1349,8 @@ CVE-2024-40647 (sentry-sdk is the official Python SDK for Sentry.io. A bug in Se
 	NOTE: https://github.com/getsentry/sentry-python/pull/3251
 	NOTE: https://github.com/getsentry/sentry-python/commit/763e40aa4cb57ecced467f48f78f335c87e9bdff (2.8.0)
 CVE-2024-40644 (gitoxide An idiomatic, lean, fast & safe pure Rust implementation of G ...)
-	TODO: check
+	- rust-gix-path <not-affected> (Windows-specific)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0355.html
 CVE-2024-40629 (JumpServer is an open-source Privileged Access Management (PAM) tool t ...)
 	NOT-FOR-US: JumpServer
 CVE-2024-40628 (JumpServer is an open-source Privileged Access Management (PAM) tool t ...)
@@ -15890,9 +15867,22 @@ CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distribut
 CVE-2024-35222 (Tauri is a framework for building binaries for all major desktop platf ...)
 	NOT-FOR-US: Tauri
 CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetching re ...)
+	- rust-gix-ref <not-affected> (Windows-specific)
 	- rust-gitoxide <itp> (bug #1043208)
+	- rust-gix-index <not-affected> (Windows-specific)
+	- rust-gix-worktree <not-affected> (Windows-specific)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0351.html
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0352.html
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0353.html
 CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...)
+	- rust-gix-index <unfixed>
 	- rust-gitoxide <itp> (bug #1043208)
+	- rust-gix-worktree <unfixed>
+	- rust-gix-fs <unfixed>
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0348.html
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0349.html
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0350.html
+	NOTE: https://github.com/advisories/GHSA-7w47-3wg8-547c
 CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
 	NOT-FOR-US: J2EEFAST
 CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a57f6de9ef6b6b37164056af439f19bf522b761

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a57f6de9ef6b6b37164056af439f19bf522b761
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240728/e600e20b/attachment.htm>

More information about the debian-security-tracker-commits mailing list