[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-2496/libvirt: buster postponed

Sylvain Beucler (@beuc) beuc at debian.org
Sat Mar 16 12:10:55 GMT 2024 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15535e20 by Sylvain Beucler at 2024-03-16T13:00:23+01:00
CVE-2024-2496/libvirt: buster postponed

- - - - -
5c76fbe6 by Sylvain Beucler at 2024-03-16T13:09:36+01:00
dla: add libvirt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1577,6 +1577,7 @@ CVE-2024-2496 [NULL pointer dereference in udevConnectListAllInterfaces()]
 	- libvirt 9.8.0-1
 	[bookworm] - libvirt <no-dsa> (Minor issue)
 	[bullseye] - libvirt <no-dsa> (Minor issue)
+	[buster] - libvirt <postponed> (Minor issue; DoS / clean crash)
 	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/2ca94317ac642a70921947150ced8acc674ccdc8 (v9.8.0-rc1)
 CVE-2024-1441 (An off-by-one error flaw was found in the udevListInterfacesByStatus() ...)
 	- libvirt <unfixed> (bug #1066058)


=====================================
data/dla-needed.txt
=====================================
@@ -172,6 +172,11 @@ libstb
   NOTE: 20240314: several CVEs fixed in DLA-3305-1 remain unfixed (no-dsa) in bullseye
   NOTE: 20240314: and bookwork. Uploads to spu and ospu should be coordinated. (roberto)
 --
+libvirt
+  NOTE: 20240316: Added by Front-Desk (Beuc)
+  NOTE: 20240316: A few years of minor vulnerabilities piled up;
+  NOTE: 20240316: coordinate with stable/oldstable to fix them uniformly (Beuc/front-desk)
+--
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/72788521a0bcb3f302e27bd45b2f6df9a979c20f...5c76fbe69e1756873c56b82990615c555d15f113

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/72788521a0bcb3f302e27bd45b2f6df9a979c20f...5c76fbe69e1756873c56b82990615c555d15f113
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240316/00a163eb/attachment.htm>

More information about the debian-security-tracker-commits mailing list