[Git][security-tracker-team/security-tracker][master] Add upstream tag reference for yaql commit for mitigation of CVE-2024-29156
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 18 17:56:57 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
970d424c by Salvatore Bonaccorso at 2024-03-18T18:56:13+01:00
Add upstream tag reference for yaql commit for mitigation of CVE-2024-29156
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -125,7 +125,7 @@ CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is us
NOTE: https://bugs.launchpad.net/murano/+bug/2048114
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0093
NOTE: No fix in Murano, but a change in src:yaql renders this unexploitable:
- NOTE: https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3
+ NOTE: https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3 (3.0.0)
CVE-2024-29154 (danielmiessler fabric through 1.3.0 allows installer/client/gui/static ...)
NOT-FOR-US: danielmiessler/fabric
CVE-2024-29151 (Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which doe ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/970d424c6922770d69c60e1876297027b9f5892e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/970d424c6922770d69c60e1876297027b9f5892e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240318/4978d60e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list