[Git][security-tracker-team/security-tracker][master] mark CVE-2024-34580 as postponed for Bullseye
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Thu Nov 28 22:55:30 GMT 2024
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fdbcf709 by Thorsten Alteholz at 2024-11-28T23:55:20+01:00
mark CVE-2024-34580 as postponed for Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39484,6 +39484,7 @@ CVE-2024-34581 (The W3C XML Signature Syntax and Processing (XMLDsig) specificat
NOT-FOR-US: W3C XML Signature Syntax and Processing (XMLDsig) specification
CVE-2024-34580 (Apache XML Security for C++ through 2.0.4 implements the XML Signature ...)
- xml-security-c <unfixed> (bug #1074429)
+ [bullseye] - xml-security-c <postponed> (Minor issue)
NOTE: https://cloud.google.com/blog/topics/threat-intelligence/apache-library-allows-server-side-request-forgery
NOTE: https://www.sonatype.com/blog/the-exploited-ivanti-connect-ssrf-vulnerability-stems-from-xmltooling-oss-library
NOTE: https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2024-21893.md
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdbcf709c8c49f6c132454d1ee810099e065c92d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdbcf709c8c49f6c132454d1ee810099e065c92d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241128/6ba91978/attachment.htm>
More information about the debian-security-tracker-commits
mailing list