[Git][security-tracker-team/security-tracker][master] Update information on CVE-2024-45845 and CVE-2024-45593

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 11 21:40:20 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7eeed35 by Salvatore Bonaccorso at 2024-09-11T22:39:56+02:00
Update information on CVE-2024-45845 and CVE-2024-45593

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -339,7 +339,10 @@ CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT Basic Library allows an
 CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a symlink in a  ...)
-	TODO: check
+	- nix <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
+	NOTE: https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
+	NOTE: Duplicate of CVE-2024-45593
 CVE-2024-45596 (Directus is a real-time API and App dashboard for managing SQL databas ...)
 	NOT-FOR-US: Directus
 CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users hosting D-Tal ...)
@@ -347,6 +350,7 @@ CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users hosting
 CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A bug in Ni ...)
 	- nix <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
+	NOTE: https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
 CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, integrates audi ...)
 	NOT-FOR-US: auditor-bundle / DoctrineAuditBundle
 CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API exposes the hi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7eeed351e85dbfcfb9fa645a0856ceb86cc3700

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7eeed351e85dbfcfb9fa645a0856ceb86cc3700
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240911/5bd46d5e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list