[Git][security-tracker-team/security-tracker][master] CVE-2024-26462/krb5
Bastien Roucariès (@rouca)
rouca at debian.org
Sun Feb 23 17:05:46 GMT 2025
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18b3eeaf by Bastien Roucariès at 2025-02-23T16:48:56+00:00
CVE-2024-26462/krb5
This one was fixed in git and code tree but not marked as fixed in changelog
Reported upstream
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -104166,13 +104166,14 @@ CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the comp
CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the component ...)
NOT-FOR-US: beep.js
CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
- - krb5 <unfixed> (bug #1064965)
+ - krb5 1.21.3 (bug #1064965)
[bookworm] - krb5 <no-dsa> (Minor issue)
[bullseye] - krb5 <not-affected> (Vulnerable code introduced later)
[buster] - krb5 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
NOTE: Introduced by: https://github.com/krb5/krb5/commit/c85894cfb784257a6acb4d77d8c75137d2508f5e (krb5-1.20-beta1)
- NOTE: Fixed by: https://github.com/krb5/krb5/commit/7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe
+ NOTE: Fixed by: https://github.com/krb5/krb5/commit/7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe (master)
+ NOTE: Fixed by https://github.com/krb5/krb5/commit/0c2de238b5bf1ea4578e3933a604c7850905b8be (krb5-1.21.3-final)
NOTE: https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
- krb5 <unfixed> (bug #1064965; unimportant)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18b3eeaf12d89ed6a11a3dc88908c1f3ff15ea8e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18b3eeaf12d89ed6a11a3dc88908c1f3ff15ea8e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250223/885369a0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list