[Git][security-tracker-team/security-tracker][master] CVE-2024-28084/iwd does not affect buster

Adrian Bunk (@bunk) bunk at debian.org
Wed Mar 6 20:36:16 GMT 2024 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abcaca2e by Adrian Bunk at 2024-03-06T22:35:37+02:00
CVE-2024-28084/iwd does not affect buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -826,8 +826,10 @@ CVE-2024-28088 (LangChain through 0.1.10 allows ../ directory traversal by an ac
 	NOT-FOR-US: LanChain-ai Langchain
 CVE-2024-28084 (p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers  ...)
 	- iwd 2.16-1 (bug #1065443)
+	[buster] - iwd <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=52a47c9fd428904de611a90cbf8b223af879684d (2.16)
 	NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=d34b4e16e045142590ed7cb653e01ed0ae5362eb (2.16)
+	NOTE: first version of p2putil in 0.19, P2P is supported since 1.8
 CVE-2024-21826 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause  ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2024-21816 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)


=====================================
data/dla-needed.txt
=====================================
@@ -133,9 +133,6 @@ imagemagick
   NOTE: 20231014: Some work under git branch debian/buster but unease
   NOTE: 20240227: Made a partial release
 --
-iwd (Adrian Bunk)
-  NOTE: 20240306: Added by Front-Desk (opal)
---
 jenkins-htmlunit-core-js
   NOTE: 20231231: Added by Front-Desk (lamby)
   NOTE: 20231231: Needs checking that this is definitely vulnerable: a quick glance



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abcaca2e26273641969616cfcb4badfdd8ec3eb3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abcaca2e26273641969616cfcb4badfdd8ec3eb3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240306/781cd5d2/attachment.htm>

More information about the debian-security-tracker-commits mailing list