[Git][security-tracker-team/security-tracker][master] new libarchive issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 28 09:08:33 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6cea85de by Moritz Muehlenhoff at 2024-05-28T10:07:58+02:00
new libarchive issue
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -18635,7 +18635,10 @@ CVE-2024-26275 (A vulnerability has been identified in Parasolid V35.1 (All vers
CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-26256 (libarchive Remote Code Execution Vulnerability)
- TODO: check
+ - libarchive <unfixed>
+ NOTE: https://github.com/advisories/GHSA-2jc9-36w4-pmqw
+ NOTE: https://github.com/libarchive/libarchive/pull/2135
+ NOTE: https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237 (v3.7.4)
CVE-2024-26255 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
NOT-FOR-US: Microsoft
CVE-2024-26254 (Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability)
=====================================
data/dsa-needed.txt
=====================================
@@ -31,6 +31,8 @@ gst-plugins-base1.0 (carnil)
--
h2o (jmm)
--
+libarchive
+--
libreswan (jmm)
Maintainer prepared bookworm-security update, but needs work on bullseye-security backports
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cea85de655d5793dafcdc57cde308df368486fa
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cea85de655d5793dafcdc57cde308df368486fa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240528/cc0b05b5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list