[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-52811/ngtcp2

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 26 19:48:06 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3bf65987 by Salvatore Bonaccorso at 2024-11-26T20:26:23+01:00
Update status for CVE-2024-52811/ngtcp2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -263,10 +263,11 @@ CVE-2024-53258 (Autolab is a course management service that enables auto-graded
 CVE-2024-53255 (BoidCMS is a free and open-source flat file CMS for building simple we ...)
 	NOT-FOR-US: BoidCMS
 CVE-2024-52811 (The ngtcp2 project is an effort to implement IETF QUIC protocol in C.  ...)
-	- ngtcp2 <unfixed>
+	- ngtcp2 <not-affected> (Vulnerable code not present; never in released Debian version)
 	NOTE: https://github.com/ngtcp2/ngtcp2/security/advisories/GHSA-4gmv-gf46-r4g5
-	NOTE: https://github.com/ngtcp2/ngtcp2/commit/44b662bd139c23fee1703bf256c13349e2e624a1
-	NOTE: https://github.com/ngtcp2/ngtcp2/commit/e550c1a414318d0f3f01fca1a621ae0b0428ca15
+	NOTE: Introduced with: https://github.com/ngtcp2/ngtcp2/commit/e550c1a414318d0f3f01fca1a621ae0b0428ca15 (v1.9.0)
+	NOTE: Fixed by: https://github.com/ngtcp2/ngtcp2/commit/d2604c0be7a409251134d768d932a74eddb1deaf (v1.9.1)
+	NOTE: Fixed by: https://github.com/ngtcp2/ngtcp2/commit/44b662bd139c23fee1703bf256c13349e2e624a1 (main)
 CVE-2024-52787 (An issue in the upload_documents method of libre-chat v0.0.6 allows at ...)
 	NOT-FOR-US: libre-chat
 CVE-2024-52529 (Cilium is a networking, observability, and security solution with an e ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bf6598728c384e1b2880f7e2a90bf9df54edb68

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bf6598728c384e1b2880f7e2a90bf9df54edb68
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241126/adb83f93/attachment.htm>

More information about the debian-security-tracker-commits mailing list