[Git][security-tracker-team/security-tracker][master] CVE-2024-6609: bullseye: mark as fixed in nss > 3.61

[Arturo Borrero González (@arturo)]

Arturo Borrero González pushed to branch master at Debian Security Tracker / security-tracker


Commits:
551af19f by Arturo Borrero Gonzalez at 2024-09-23T22:13:20+02:00
CVE-2024-6609: bullseye: mark as fixed in nss > 3.61

The upstream source code for nss starting with 3.61 contains the fix.

See also:
 * https://security-tracker.debian.org/tracker/CVE-2024-6609
 * https://searchfox.org/nss/rev/ba9330537e6e94971de8b9bc49460891b23afd4f/lib/freebl/ec.c#379-382
 * https://sources.debian.org/src/nss/2%3A3.61-1%2Bdeb11u3/nss/lib/freebl/ec.c/#L372

Signed-off-by: Arturo Borrero Gonzalez <arturo at debian.org>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18094,6 +18094,7 @@ CVE-2024-6610 (Form validation popups could capture escape key presses. Therefor
 CVE-2024-6609 (When almost out-of-memory an elliptic curve key which was never alloca ...)
 	- firefox 128.0-1
 	- nss 2:3.101-1
+    [bullseye] - nss 2:3.61-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6609
 	NOTE: To address CVE in older versions of src:nss what is needed is to add the error
 	NOTE: handling code (confirmed by upstream):



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551af19f2e7b6aaeb1a28f0b3b2dc608ce7d2dd3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551af19f2e7b6aaeb1a28f0b3b2dc608ce7d2dd3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240923/8b3c5aad/attachment.htm>