[Git][security-tracker-team/security-tracker][master] clarify note for nginx
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Oct 21 12:55:48 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1a066de by Moritz Muehlenhoff at 2024-10-21T13:55:39+02:00
clarify note for nginx
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -34379,7 +34379,7 @@ CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QU
[bullseye] - nginx <not-affected> (Vulnerable code not present)
[buster] - nginx <not-affected> (Vulnerable code not present)
NOTE: https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
- NOTE: HTTP3 not enabled in Debian build
+ NOTE: HTTP3 not enabled in Debian builds until 1.26.0-2 (which included fixes)
CVE-2024-34715 (Fides is an open-source privacy engineering platform. The Fides webser ...)
NOT-FOR-US: Fides
CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
@@ -34388,21 +34388,21 @@ CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QU
[bullseye] - nginx <not-affected> (Vulnerable code not present)
[buster] - nginx <not-affected> (Vulnerable code not present)
NOTE: https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
- NOTE: HTTP3 not enabled in Debian build
+ NOTE: HTTP3 not enabled in Debian builds until 1.26.0-2 (which included fixes)
CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
- nginx 1.26.0-2 (unimportant)
[bookworm] - nginx <not-affected> (Vulnerable code not present)
[bullseye] - nginx <not-affected> (Vulnerable code not present)
[buster] - nginx <not-affected> (Vulnerable code not present)
NOTE: https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
- NOTE: HTTP3 not enabled in Debian build
+ NOTE: HTTP3 not enabled in Debian builds until 1.26.0-2 (which included fixes)
CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
- nginx 1.26.0-2 (unimportant)
[bookworm] - nginx <not-affected> (Vulnerable code not present)
[bullseye] - nginx <not-affected> (Vulnerable code not present)
[buster] - nginx <not-affected> (Vulnerable code not present)
NOTE: https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
- NOTE: HTTP3 not enabled in Debian build
+ NOTE: HTTP3 not enabled in Debian builds until 1.26.0-2 (which included fixes)
CVE-2024-28974 (Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequat ...)
NOT-FOR-US: Dell
CVE-2024-28826 (Improper restriction of local upload and download paths in check_sftp ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1a066de64eb30d8dcea4b8f15eab4cf81a3c951
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1a066de64eb30d8dcea4b8f15eab4cf81a3c951
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241021/8a019ef6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list