[Git][security-tracker-team/security-tracker][master] Add new mbedtls issues (CVE-2024-4515{7,8,9})
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 5 21:49:47 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
00521952 by Salvatore Bonaccorso at 2024-09-05T22:49:08+02:00
Add new mbedtls issues (CVE-2024-4515{7,8,9})
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -74,11 +74,14 @@ CVE-2024-45173 (An issue was discovered in za-internet C-MOR Video Surveillance
CVE-2024-45171 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
NOT-FOR-US: za-internet C-MOR Video Surveillance
CVE-2024-45159 (An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, wh ...)
- TODO: check
+ - mbedtls <not-affected> (Vulnerable code introduced later)
+ NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/
CVE-2024-45158 (An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer o ...)
- TODO: check
+ - mbedtls <not-affected> (Vulnerable code introduced later)
+ NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/
CVE-2024-45157 (An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1 ...)
- TODO: check
+ - mbedtls <unfixed>
+ NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
CVE-2024-45107 (Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.0 ...)
NOT-FOR-US: Adobe
CVE-2024-45098 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass int ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/005219524037593f56b5485072b8662dcef09a13
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/005219524037593f56b5485072b8662dcef09a13
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240905/5a444a4d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list