[Git][security-tracker-team/security-tracker][master] bpftrace unimportant (and record revised fix)

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Oct 28 16:38:34 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fae9f22 by Moritz Muehlenhoff at 2024-10-28T17:38:03+01:00
bpftrace unimportant (and record revised fix)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65646,6 +65646,7 @@ CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL
 	NOT-FOR-US: AOL AIM Triton
 CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load them  ...)
 	- bpfcc 0.31.0+ds-2 (bug #1071747; unimportant)
+	[buster] - bpfcc <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 (v0.30.0)
 	NOTE: Introduced by: https://github.com/iovisor/bcc/commit/ae92f3ddb6aa5b81c750abf3540b99f24d219e67 (v0.10.0)
 	NOTE: Attempt to mitigate in https://bugs.debian.org/1028479 (applied in 0.25.0+ds-2), and
@@ -65653,12 +65654,13 @@ CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1221229#c1
 	NOTE: Does not affect Debian kernels since CONFIG_IKHEADERS isn't set
 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt to load  ...)
-	- bpftrace 0.21.0-1 (bug #1071748)
-	[bookworm] - bpftrace <no-dsa> (Minor issue)
-	[bullseye] - bpftrace <no-dsa> (Minor issue)
+	- bpftrace 0.21.0-1 (bug #1071748; unimportant)
 	[buster] - bpftrace <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced by: https://github.com/bpftrace/bpftrace/commit/896fafbe925385500c6626b19348739142944b88 (v0.9.3)
 	NOTE: Fixed by: https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998 (v0.21.0)
+	NOTE: Revised fix: https://github.com/bpftrace/bpftrace/commit/bc73244963f206814ae45ec78ebe52cd389f6381 (v0.21.0)
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1221220#c2
+	NOTE: Does not affect Debian kernels since CONFIG_IKHEADERS isn't set
 CVE-2024-2184 (Buffer overflow in identifier field of WSD probe request process of Sm ...)
 	NOT-FOR-US: Small Office Multifunction Printers and Laser Printers (Canon)
 CVE-2024-28823 (Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fae9f22b4f1f12d88875c912be92625013eee45

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fae9f22b4f1f12d88875c912be92625013eee45
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241028/1b0a4eca/attachment.htm>

More information about the debian-security-tracker-commits mailing list