[Git][security-tracker-team/security-tracker][master] Remove todo item for CVE-2024-49761
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 20 19:54:19 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8397ad9e by Salvatore Bonaccorso at 2024-11-20T20:53:20+01:00
Remove todo item for CVE-2024-49761
It was confirmed in the LTS triage for bullseye that indeed the older
versions were affected as well, drop now the TODO item as the status got
back to be correct.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7645,8 +7645,6 @@ CVE-2024-49761 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has
NOTE: https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
NOTE: https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f (v3.3.9)
NOTE: https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/
- TODO: double-check, advisory claims ruby 3.2 and above are not affected, but current versions in unstable do not include rexml 3.3.9 yet but earlier versions
- NOTE: Conversely the vulnerable code appears to be present in old 2.x branches
CVE-2024-49755 (Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ...)
NOT-FOR-US: Duende IdentityServer
CVE-2024-48826 (Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command ...)
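Review bot: The second removed line, the NOTE that the vulnerable code appears to be present in old 2.x branches, is a finding rather than an open question, and deleting it together with the TODO leaves the CVE-2024-49761 entry with no record of why older versions are treated as affected. The commit message says the LTS triage for bullseye confirmed this, so consider dropping only the TODO line and rewording the NOTE as a confirmed statement (for example, that the vulnerable code is present in the old 2.x branches as confirmed during LTS triage). The remaining NOTE lines point only to the upstream advisory, the fix commit and the ruby-lang announcement, and the removed TODO records that the advisory claims ruby 3.2 and above are not affected, so a reader of the entry alone could not reconstruct the reasoning for the older versions.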
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8397ad9e40928429e5a43c6e53118d3c567e28f3