[Git][security-tracker-team/security-tracker][master] CVE-2024-7776,CVE-2024-5187/onnx: bullseye (and probably bookworm)...
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Thu Apr 10 11:57:21 BST 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29b09ebc by Sylvain Beucler at 2025-04-10T12:57:15+02:00
CVE-2024-7776,CVE-2024-5187/onnx: bullseye (and probably bookworm) not-affected; reference introductory commit; fix follow-up commit
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7991,11 +7991,14 @@ CVE-2024-7779 (A vulnerability in danswer-ai/danswer version 1 allows an attacke
CVE-2024-7776 (A vulnerability in the `download_model` function of the onnx/onnx fram ...)
- onnx 1.16.2-1
[bookworm] - onnx <no-dsa> (Minor issue)
+ [bullseye] - onnx <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.com/bounties/a7a46cf6-1fa-454b-988c-62d222e83f63
NOTE: https://github.com/onnx/onnx/issues/6215
NOTE: https://github.com/onnx/onnx/pull/6222
- NOTE: https://github.com/onnx/onnx/commit/3fc3845edb048df559aa2a839e39e95503a0ee34 (v1.17.0)
+ NOTE: Follow-up to CVE-2024-5187
+ NOTE: https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f (v1.17.0)
NOTE: cherry picks of fixes: https://github.com/onnx/onnx/commit/84051888d0943883a0edbf683f68c05ca3b28c40 (v1.16.2)
+ NOTE: Introduced by: https://github.com/onnx/onnx/commit/474c0b64ccd913101c4dc7108b3dea4fd1f51de8 (v1.14.0)
CVE-2024-7773 (A vulnerability in ollama/ollama version 0.1.37 allows for remote code ...)
- ollama <itp> (bug #1094806)
CVE-2024-7771 (A vulnerability in the Dockerized version of mintplex-labs/anything-ll ...)
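Review bot: the `[bookworm] - onnx <no-dsa> (Minor issue)` line is left untouched in this hunk even though the commit message says bookworm is "probably" not affected as well; if bookworm's onnx predates the newly cited introducing commit 474c0b64 (v1.14.0), it should carry the same `<not-affected> (Vulnerable code introduced later)` tag as bullseye, and if that has not been verified yet the "probably" is worth resolving rather than leaving the two entries in different states. Separately, the huntr reference `a7a46cf6-1fa-454b-988c-62d222e83f63` has a three-character second group where a UUID has four, so the URL looks truncated and should be double-checked.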
@@ -88378,11 +88381,12 @@ CVE-2024-5188 (The Essential Addons for Elementor \u2013 Best Elementor Template
CVE-2024-5187 (A vulnerability in the `download_model_with_test_data` function of the ...)
- onnx 1.16.2-1 (bug #1075852)
[bookworm] - onnx <no-dsa> (Minor issue)
- [bullseye] - onnx <no-dsa> (Minor issue)
+ [bullseye] - onnx <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.com/bounties/50235ebd-3410-4ada-b064-1a648e11237e
NOTE: https://github.com/onnx/onnx/pull/6164
NOTE: https://github.com/onnx/onnx/commit/3fc3845edb048df559aa2a839e39e95503a0ee34 (v1.17.0)
NOTE: https://github.com/onnx/onnx/commit/84051888d0943883a0edbf683f68c05ca3b28c40 (v1.16.2)
+ NOTE: Introduced by: https://github.com/onnx/onnx/commit/474c0b64ccd913101c4dc7108b3dea4fd1f51de8 (v1.14.0)
CVE-2024-5186 (A Server-Side Request Forgery (SSRF) vulnerability exists in the file ...)
NOT-FOR-US: privategpt
CVE-2024-5133 (In lunary-ai/lunary version 1.2.4, an account takeover vulnerability e ...)
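Review bot: the bullseye `<not-affected>` marking here rests on the same introducing commit 474c0b64 (v1.14.0) now cited for CVE-2024-7776, which is consistent with the "Follow-up to CVE-2024-5187" relation, but this entry still lists only 3fc3845 (v1.17.0) and the 84051888 (v1.16.2) cherry-pick as fixes; since the sibling hunk moves CVE-2024-7776's fix to 1b70f9b as a follow-up, it is worth confirming whether 3fc3845 fully resolves CVE-2024-5187 on its own or whether 1b70f9b should be referenced here too. As in the other hunk, the bookworm line stays `<no-dsa> (Minor issue)` while the commit message suggests bookworm is probably not affected either.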
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29b09ebc46a51a29f24a275ad2ec31b206e31537