[Git][security-tracker-team/security-tracker][master] Add commit from 3.0.y series for CVE-2024-29034

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 20 21:34:03 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71f43778 by Salvatore Bonaccorso at 2024-11-20T22:33:26+01:00
Add commit from 3.0.y series for CVE-2024-29034

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69854,7 +69854,8 @@ CVE-2024-29071 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week
 CVE-2024-29034 (CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...)
 	- ruby-carrierwave <not-affected> (Incomplete fix for CVE-2023-49090 not applied)
 	NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw
-	NOTE: Fixed by: https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477
+	NOTE: Fixed by: https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477 (v3.1.0.beta)
+	NOTE: Fixed by: https://github.com/carrierwaveuploader/carrierwave/commit/00676e23d7f4beac12beddee6f2486b686fb7e46 (v3.0.7)
 	NOTE: Fixed by: https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2 (v2.2.6)
 	NOTE: CVE is for incomplete fix of CVE-2023-49090
 CVE-2024-29009 (Cross-site request forgery (CSRF) vulnerability in easy-popup-show all ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71f43778032e356636c06ddb3ee1b296349c3a57

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71f43778032e356636c06ddb3ee1b296349c3a57
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241120/59d15306/attachment.htm>

More information about the debian-security-tracker-commits mailing list