[Git][security-tracker-team/security-tracker][master] pure-ftpd non issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bb9889f by Moritz Muehlenhoff at 2024-11-13T10:26:06+01:00
pure-ftpd non issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5625,11 +5625,11 @@ CVE-2024-48931 (ZimaOS is a fork of CasaOS, an operating system for Zima devices
 CVE-2024-48870 (Sharp and Toshiba Tec MFPs improperly validate input data in URI data  ...)
 	NOT-FOR-US: Sharp and Toshiba Tec MFPs
 CVE-2024-48208 (pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an  ...)
-	- pure-ftpd <unfixed> (bug #1086147)
+	- pure-ftpd <unfixed> (bug #1086147; unimportant)
 	NOTE: https://github.com/jedisct1/pure-ftpd/pull/176
 	NOTE: Fixed by: https://github.com/jedisct1/pure-ftpd/commit/350d66fbbd6634c09f146dc7d5bd57e737dfd0fb (1.0.52)
 	NOTE: Followup: https://github.com/jedisct1/pure-ftpd/commit/2bbe0f25c6b905044803649a29df5f765f940b91
-	TODO: seems bogus, still unclear security impact
+	NOTE: No security impact, basically just terminates the user's connection
 CVE-2024-47883 (The OpenRefine fork of the MIT Simile Butterfly server is a modular we ...)
 	- openrefine-butterfly <unfixed> (bug #1086042)
 	NOTE: https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bb9889f2d0f3075775cea81ea6fb7f98a66db06

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bb9889f2d0f3075775cea81ea6fb7f98a66db06
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241113/f152a278/attachment.htm>