[Git][security-tracker-team/security-tracker][master] some updates on older issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Oct 26 22:56:07 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd8b7ef3 by Moritz Muehlenhoff at 2024-10-26T23:55:37+02:00
some updates on older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -74132,21 +74132,17 @@ CVE-2024-24262 (media-server v1.0.0 was discovered to contain a Use-After-Free (
 CVE-2024-24260 (media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) v ...)
 	NOT-FOR-US: media-server
 CVE-2024-24259 (freeglut through 3.4.0 was discovered to contain a memory leak via the ...)
-	- freeglut <unfixed> (bug #1063801)
-	[bookworm] - freeglut <no-dsa> (Minor issue)
-	[bullseye] - freeglut <no-dsa> (Minor issue)
-	[buster] - freeglut <no-dsa> (Minor issue)
+	- freeglut <unfixed> (bug #1063801; unimportant)
 	NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md
 	NOTE: https://github.com/freeglut/freeglut/pull/155
 	NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
+	NOTE: Negligible security impact
 CVE-2024-24258 (freeglut 3.4.0 was discovered to contain a memory leak via the menuEnt ...)
-	- freeglut <unfixed> (bug #1063801)
-	[bookworm] - freeglut <no-dsa> (Minor issue)
-	[bullseye] - freeglut <no-dsa> (Minor issue)
-	[buster] - freeglut <no-dsa> (Minor issue)
+	- freeglut <unfixed> (bug #1063801; unimportant)
 	NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md
 	NOTE: https://github.com/freeglut/freeglut/pull/155
 	NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
+	NOTE: Negligible security impact
 CVE-2024-23109 (An improper neutralization of special elements used in an os command ( ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-23108 (An improper neutralization of special elements used in an os command ( ...)
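Review bot: The added `NOTE: Negligible security impact` lines under CVE-2024-24259 and CVE-2024-24258 state the conclusion without the reason. Because `unimportant` on the `- freeglut <unfixed>` line now replaces three per-release `<no-dsa>` entries, the note should say why the impact is negligible, for example that both issues are memory leaks according to the CVE descriptions. Both entries also remain `<unfixed>` although a `Fixed by:` commit is already recorded, so the fixed version still needs to be filled in once a package containing that commit is uploaded.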
@@ -99563,7 +99559,7 @@ CVE-2023-3025 (The Dropbox Folder Share plugin for WordPress is vulnerable to Se
 	NOT-FOR-US: Dropbox Folder Share plugin for WordPress
 CVE-2023-43091 [Code injection via service.json file]
 	- gnome-maps 45~rc-1
-	[bookworm] - gnome-maps <no-dsa> (Minor issue)
+	[bookworm] - gnome-maps <ignored> (Minor issue, mostly hardening since service.json served from fixed/trusted source)
 	[bullseye] - gnome-maps <not-affected> (Vulnerable code not present)
 	[buster] - gnome-maps <not-affected> (Vulnerable code not present)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588
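Review bot: On the `[bookworm] - gnome-maps <ignored>` line, the justification depends on service.json being served from a fixed/trusted source, but the entry does not say where that is established. Moving the rationale to its own NOTE line, with a pointer to the part of the upstream issue that confirms it, would keep the parenthetical short and make the `<ignored>` decision easier to re-check, given that the entry title still reads "Code injection via service.json file".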



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd8b7ef3039056a1829c79f3fbbc1619474396f1
