[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-26540/cimg: buster postponed, reference patch

Sylvain Beucler (@beuc) beuc at debian.org
Sat Mar 16 12:45:26 GMT 2024



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8cea774f by Sylvain Beucler at 2024-03-16T13:36:03+01:00
CVE-2024-26540/cimg: buster postponed, reference patch

- - - - -
246888dc by Sylvain Beucler at 2024-03-16T13:44:52+01:00
CVE-2024-28849/node-follow-redirects: buster postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -351,7 +351,12 @@ CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via
 	- cimg <unfixed>
 	[bookworm] - cimg <no-dsa> (Minor issue)
 	[bullseye] - cimg <no-dsa> (Minor issue)
+	[buster] - cimg <postponed> (Minor issue; no rdeps)
 	NOTE: https://github.com/GreycLab/CImg/issues/403
+	NOTE: https://github.com/GreycLab/CImg/commit/6a97a5209987e60fcce293ea102a068a88085098 (v.3.3.3)
+	NOTE: https://github.com/GreycLab/CImg/commit/c214dfee22a3fedcfae48fba7645f7a819cc9385 (v.3.3.3)
+	NOTE: https://github.com/GreycLab/CImg/commit/ec6a1f2183620a90b4dcf456813e597ade791dc6 (v.3.3.3)
+	NOTE: https://github.com/GreycLab/CImg/commit/cb9c5518905ea370954a59903ff747650c6edd40 (v.3.3.3)
 CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...)
 	NOT-FOR-US: Greek Universities Network Open eClass
 CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...)
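Review bot: The four added upstream commit NOTE lines for CVE-2024-26540 all carry the same "(v.3.3.3)" tag and nothing else, so whoever picks up the postponed buster entry cannot tell which commit is the primary fix and which are follow-ups or prerequisites. A short annotation per line would save re-reading all four diffs. As a minor style point, the tag is written "(v.3.3.3)" here, while the node-follow-redirects entry further down the same file uses the "(v1.15.6)" form. Using one form would make the notes easier to search.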
@@ -417,6 +422,7 @@ CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for Node
 	- node-follow-redirects <unfixed> (bug #1066971)
 	[bookworm] - node-follow-redirects <no-dsa> (Minor issue)
 	[bullseye] - node-follow-redirects <no-dsa> (Minor issue)
+	[buster] - node-follow-redirects <postponed> (Follow-up to CVE-2022-0155)
 	NOTE: https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
 	NOTE: https://github.com/psf/requests/issues/1885
 	NOTE: https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b (v1.15.6)
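Review bot: The reason on the added [buster] line, "(Follow-up to CVE-2022-0155)", states only the relationship to another CVE and gives no severity, whereas the bookworm and bullseye lines directly above both say "(Minor issue)". A reader has to look up how CVE-2022-0155 was handled in buster to understand why postponing is acceptable here. Consider putting the severity on the line itself, for example "(Minor issue; follow-up to CVE-2022-0155)".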



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5c76fbe69e1756873c56b82990615c555d15f113...246888dcbdba2fe2cdc324dabfe4f7aa6abfab02
