[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVEs for nvidia-graphics-drivers-legacy-340xx as ignored for buster.

Ola Lundqvist (@opal) opal at debian.org
Thu Mar 7 22:56:45 GMT 2024



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc30ba59 by Ola Lundqvist at 2024-03-07T23:54:31+01:00
Marked CVEs for nvidia-graphics-drivers-legacy-340xx as ignored for buster.

- - - - -
c7598151 by Ola Lundqvist at 2024-03-07T23:54:32+01:00
Analyzed freeipa further and concluded that it is safest to fix in buster.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2053,6 +2053,7 @@ CVE-2024-0074
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984)
+	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985)
 	[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1064986)
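Review bot: On the added [buster] line for nvidia-graphics-drivers-legacy-340xx, the reason text mixes two justifications, the non-free policy and the end of upstream updates, and only the second explains why this is <ignored> rather than <no-dsa> like the bookworm and bullseye lines above it. Consider putting the upstream status first so the distinction is obvious when scanning the entry, for example "(No updates provided by Nvidia anymore, non-free not supported)".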
@@ -2076,6 +2077,7 @@ CVE-2024-42265
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984)
+	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985)
 	[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1064986)
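Review bot: The hunk header places this added [buster] line under CVE-2024-42265, while the hunks before and after it, with the same nvidia package list and bug numbers, sit under CVE-2024-0074 and CVE-2024-0078. Please confirm that the entry being annotated is the intended one before the same <ignored> marking is applied to it.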
@@ -2095,6 +2097,7 @@ CVE-2024-0078
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984)
+	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985)
 	[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1064986)
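Review bot: Only the 340xx branch gets a [buster] triage line here; in the visible context nvidia-graphics-drivers-legacy-390xx has a [bullseye] <no-dsa> line but nothing for buster, and nvidia-graphics-drivers-tesla-418 has no release annotation at all. If buster ships either package, triaging them in the same commit would avoid leaving the entry half-annotated for that release.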
@@ -4627,6 +4630,10 @@ CVE-2024-1481 [specially crafted HTTP requests potentially lead to DoS or data e
 	NOTE: ipa-4.10: https://pagure.io/freeipa/c/204011dc0514681511275a4b70a13bfa85c1a538
 	NOTE: ipa-4.9: https://pagure.io/freeipa/c/b039f3087a13de3f34b230dbe29a7cfb1965700d
 	NOTE: ipa-4.9: https://pagure.io/freeipa/c/96a478bbedd49c31e0f078f00f2d1cb55bb952fd
+	NOTE: For buster (and most likely later versions) the vulnerable rpcserver.py code
+	NOTE: is not part of the provided binary packages. The kinit.py file is however and
+	NOTE: it is not entirelly clear whether this may be used in a vulnerable way when
+	NOTE: the client is used for authentication purposes.
 CVE-2024-26270 (The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, ...)
 	NOT-FOR-US: Liferay
 CVE-2024-26268 (User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.2 ...)
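Review bot: The four added NOTE lines under CVE-2024-1481 record the uncertainty about kinit.py but not the decision taken, which appears only in the commit message ("safest to fix in buster"). A closing NOTE with that conclusion would keep the rationale in data/CVE/list itself; in addition, "entirelly" in the third added line should read "entirely", and "(and most likely later versions)" would be better checked than assumed.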


=====================================
data/dla-needed.txt
=====================================
@@ -107,6 +107,9 @@ fontforge (Adrian Bunk)
 freeimage
   NOTE: 20240121: Added by Front-Desk (apo)
 --
+freeipa
+  NOTE: 20240307: Added by Front-Desk (opal)
+--
 frr (Abhijith PA)
   NOTE: 20231119: Added by Front-Desk (apo)
   NOTE: 20240206: Continuing fixing the remaining issues (abhijith)
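Review bot: The new freeipa entry carries only the Front-Desk line, so whoever claims it has no pointer to why it was added. Consider a second NOTE referencing CVE-2024-1481 and the kinit.py question recorded in data/CVE/list in this same push.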



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7a5e90b49c6c4a2acc4af8b4d02620ba98dcdf1...c7598151ce5abc8f421106343ee505caa98c0db8
