[Git][security-tracker-team/security-tracker][master] CVE-2024-52867/guix assigned
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Nov 17 05:59:56 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7d87515 by Salvatore Bonaccorso at 2024-11-17T06:59:25+01:00
CVE-2024-52867/guix assigned
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4507,9 +4507,8 @@ CVE-2024-10731 (A vulnerability, which was classified as critical, was found in
NOT-FOR-US: Tongda OA
CVE-2024-10730 (A vulnerability, which was classified as critical, has been found in T ...)
NOT-FOR-US: Tongda OA
-CVE-2024-XXXX [Guix build user takeover vulnerability]
+CVE-2024-52867 [Guix build user takeover vulnerability]
- guix 1.4.0-8
- [bookworm] - guix 1.4.0-3+deb12u2
NOTE: https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=5ab3c4c1e43ebb637551223791db0ea3519986e1
=====================================
data/DSA/list
=====================================
@@ -26,6 +26,7 @@
{CVE-2024-20696}
[bookworm] - libarchive 3.6.2-1+deb12u2
[08 Nov 2024] DSA-5805-1 guix - security update
+ {CVE-2024-52867}
[bookworm] - guix 1.4.0-3+deb12u2
[07 Nov 2024] DSA-5804-1 webkit2gtk - security update
{CVE-2024-44244 CVE-2024-44296}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7d875154eb866876548e414e4630e2ec91e8e7e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7d875154eb866876548e414e4630e2ec91e8e7e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241117/0a2e58f9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list