[Git][security-tracker-team/security-tracker][master] Add CVE-2024-51504/zookeeper
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 9 08:08:48 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9bf644d6 by Salvatore Bonaccorso at 2024-11-09T09:08:19+01:00
Add CVE-2024-51504/zookeeper
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -329,7 +329,15 @@ CVE-2024-51989 (Password Pusher is an open source application to communicate sen
CVE-2024-51758 (Filament is a collection of full-stack components for accelerated Lara ...)
NOT-FOR-US: Filament
CVE-2024-51504 (When using IPAuthenticationProvider in ZooKeeper Admin Server there is ...)
- TODO: check
+ - zookeeper <unfixed>
+ [bookworm] - zookeeper <not-affected> (Vulnerable code introduced later)
+ [bullseye] - zookeeper <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.apache.org/thread/b3qrmpkto5r6989qr61fw9y2x646kqlh
+ NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-4851
+ NOTE: https://github.com/apache/zookeeper/pull/2181
+ NOTE: Introduced by: https://github.com/apache/zookeeper/commit/d79811bf28f00fb1db6ec6002e884af6cfd0d7fc (release-3.9.0-0)
+ NOTE: Fixed by: https://github.com/apache/zookeeper/commit/bd5be58c562ce992de8af43cdef0bdb34261a525 (release-3.9.3-0)
+ NOTE: Followup to disable (X-Forwarded-For by default): https://github.com/apache/zookeeper/commit/67037ad9087b4e554f77427e88d40df1eb19d6d3 (release-3.9.3-0)
CVE-2024-51428 (An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denia ...)
TODO: check
CVE-2024-48954 (An issue was discovered in Logpoint before 7.5.0. Unvalidated input du ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bf644d6d758fb7e9f5e8dc83698b7d51c642ad3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bf644d6d758fb7e9f5e8dc83698b7d51c642ad3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241109/766f1f48/attachment.htm>
More information about the debian-security-tracker-commits
mailing list