[Git][security-tracker-team/security-tracker][master] Add CVE-2024-35241/composer
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 11 21:27:08 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14c72d93 by Salvatore Bonaccorso at 2024-06-11T22:26:26+02:00
Add CVE-2024-35241/composer
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -431,7 +431,10 @@ CVE-2024-35329 (libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in y
CVE-2024-35242 (Composer is a dependency manager for PHP. On the 2.x branch prior to v ...)
TODO: check
CVE-2024-35241 (Composer is a dependency manager for PHP. On the 2.x branch prior to v ...)
- TODO: check
+ - composer <unfixed>
+ NOTE: https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c
+ NOTE: https://github.com/composer/composer/commit/b93fc6ca437da35ae73d667d0618749c763b67d4 (2.2.24)
+ NOTE: https://github.com/composer/composer/commit/ee28354ca8d33c15949ad7de2ce6656ba3f68704 (2.7.7)
CVE-2024-34691 (Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform ...)
NOT-FOR-US: SAP
CVE-2024-34690 (SAP Student Life Cycle Management (SLcM) fails to conduct proper autho ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14c72d93f638339cc0ca6936b8e487ea44f2b602
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14c72d93f638339cc0ca6936b8e487ea44f2b602
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240611/f4dda7c9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list