[Git][security-tracker-team/security-tracker][master] Add CVE-2024-38394/gnome-settings-daemon (though disputed)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 16 20:20:27 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbe9acb6 by Salvatore Bonaccorso at 2024-06-16T21:17:40+02:00
Add CVE-2024-38394/gnome-settings-daemon (though disputed)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,13 @@ CVE-2024-38427 (In International Color Consortium DemoIccMAX before 85ce74e, a l
 CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title" setting ...)
 	TODO: check
 CVE-2024-38394 (Mismatches in interpreting USB authorization policy between GNOME Sett ...)
-	TODO: check
+	- gnome-settings-daemon <unfixed>
+	NOTE: https://pulsesecurity.co.nz/advisories/usbguard-bypass
+	NOTE: https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780
+	NOTE: https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914
+	NOTE: As per Gnome upstream, consideration of a mitigation for the issue within
+	NOTE: gnome-settings-daemon would rather be a new feature but not a vulnerbility
+	NOTE: fixing. The CVE assignment is disputed upstream with this context.
 CVE-2024-6016 (A vulnerability, which was classified as critical, has been found in i ...)
 	NOT-FOR-US: itsourcecode Online Laundry Management System
 CVE-2024-6015 (A vulnerability classified as critical was found in itsourcecode Onlin ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe9acb645acffb05a0d787a7e9a87f7cfc0f56c

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe9acb645acffb05a0d787a7e9a87f7cfc0f56c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240616/b05c300c/attachment.htm>

More information about the debian-security-tracker-commits mailing list