[Git][security-tracker-team/security-tracker][master] CVE-2024-26458/CVE-2024-26461
Bastien Roucariès (@rouca)
rouca at debian.org
Sun Feb 23 17:29:20 GMT 2025
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
770bb083 by Bastien Roucariès at 2025-02-23T17:28:45+00:00
CVE-2024-26458/CVE-2024-26461
Update bugs due to some CVEs fixed upstream
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -104176,13 +104176,13 @@ CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerabilit
NOTE: Fixed by https://github.com/krb5/krb5/commit/0c2de238b5bf1ea4578e3933a604c7850905b8be (krb5-1.21.3-final)
NOTE: https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
- - krb5 <unfixed> (bug #1064965; unimportant)
+ - krb5 <unfixed> (bug #1098754; unimportant)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md
NOTE: Fixed by: https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d
NOTE: Codepath cannot be triggered via API calls, negligible security impact
NOTE: https://mailman.mit.edu/pipermail/kerberos/2024-March/023095.html
CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...)
- - krb5 <unfixed> (bug #1064965; unimportant)
+ - krb5 <unfixed> (bug #1098754; unimportant)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
NOTE: Fixed by: https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d
NOTE: Unused codepath, negligible security impact
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/770bb08310a90fcded90f4280694f4a1924b90a7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/770bb08310a90fcded90f4280694f4a1924b90a7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250223/2c94e54e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list