[Git][security-tracker-team/security-tracker][master] fort-validator spu

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 27 15:26:31 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05e2a117 by Moritz Mühlenhoff at 2025-02-27T16:25:50+01:00
fort-validator spu

- - - - -


3 changed files:

- data/CVE/list
- data/dsa-needed.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22364,6 +22364,7 @@ CVE-2024-56173 (In Optimizely Configured Commerce before 5.2.2408, malicious pay
 CVE-2024-48943
 	{DLA-4066-1}
 	- fort-validator 1.6.4-1
+	[bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
 	NOTE: https://nicmx.github.io/FORT-validator/CVE.html
 	NOTE: https://github.com/NICMx/FORT-validator/commit/4ee88d1c3fa7df763dd52312134cd93c1ce50870 (1.6.4)
 CVE-2024-56170 (A validation integrity issue was discovered in Fort through 1.6.4 befo ...)
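Review bot: The trailing context line for CVE-2024-56170 describes another Fort issue ("through 1.6.4"), yet that CVE is not among the seven entries this commit adds to data/next-point-update.txt, and its bookworm status is not visible in this hunk. Please confirm whether 1.5.4-1+deb12u1 covers it. If it does not, it needs its own bookworm annotation so it is not assumed to be handled by the same point update.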
@@ -53111,31 +53112,37 @@ CVE-2024-45240 (The TikTok (aka com.zhiliaoapp.musically) application before 34.
 CVE-2024-45239 (An issue was discovered in Fort before 1.6.3. A malicious RPKI reposit ...)
 	{DLA-4066-1}
 	- fort-validator 1.6.3-1
+	[bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
 	NOTE: https://nicmx.github.io/FORT-validator/CVE.html
 	NOTE: https://github.com/NICMx/FORT-validator/commit/942f921ba7244cdcf4574cedc4c16392a7cc594b (1.6.3)
 CVE-2024-45238 (An issue was discovered in Fort before 1.6.3. A malicious RPKI reposit ...)
 	{DLA-4066-1}
 	- fort-validator 1.6.3-1
+	[bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
 	NOTE: https://nicmx.github.io/FORT-validator/CVE.html
 	NOTE: https://github.com/NICMx/FORT-validator/commit/5689dea5e878fed28c5f338a27d7cda4151a14f1 (1.6.3)
 CVE-2024-45237 (An issue was discovered in Fort before 1.6.3. A malicious RPKI reposit ...)
 	{DLA-4066-1}
 	- fort-validator 1.6.3-1
+	[bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
 	NOTE: https://nicmx.github.io/FORT-validator/CVE.html
 	NOTE: https://github.com/NICMx/FORT-validator/commit/939d988551d17996be73f52c376a70a3d6ba69f9 (1.6.3)
 CVE-2024-45236 (An issue was discovered in Fort before 1.6.3. A malicious RPKI reposit ...)
 	{DLA-4066-1}
 	- fort-validator 1.6.3-1
+	[bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
 	NOTE: https://nicmx.github.io/FORT-validator/CVE.html
 	NOTE: https://github.com/NICMx/FORT-validator/commit/4dafbd9de64a5a0616af97365bc1751465b29d2e (1.6.3)
 CVE-2024-45235 (An issue was discovered in Fort before 1.6.3. A malicious RPKI reposit ...)
 	{DLA-4066-1}
 	- fort-validator 1.6.3-1
+	[bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
 	NOTE: https://nicmx.github.io/FORT-validator/CVE.html
 	NOTE: https://github.com/NICMx/FORT-validator/commit/b1eb3c507ae920859bbe294776ebc2bb30bb7e56 (1.6.3)
 CVE-2024-45234 (An issue was discovered in Fort before 1.6.3. A malicious RPKI reposit ...)
 	{DLA-4066-1}
 	- fort-validator 1.6.3-1
+	[bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
 	NOTE: https://nicmx.github.io/FORT-validator/CVE.html
 	NOTE: https://github.com/NICMx/FORT-validator/commit/521b1a0db5041258096fbabdf8fc1e10ecc793cf (1.6.3)
 CVE-2024-42340 (CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security)
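Review bot: All six added `[bookworm] - fort-validator <no-dsa> (Will be fixed via spu)` lines give the same free-text reason without naming the target version, so the link to 1.5.4-1+deb12u1 exists only in data/next-point-update.txt. Every one of these entries already carries {DLA-4066-1}, so bookworm stays marked as open here until the point release. Remember to replace these lines with the fixed version once the update is released.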


=====================================
data/dsa-needed.txt
=====================================
@@ -14,9 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 emacs (jmm)
 --
-fort-validator
-  probably best to bump bookworm to current upstream
---
 frr
   coordination with the maintainer ongoing, Daniel Baumann proposing an update
 --
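Review bot: The removed note "probably best to bump bookworm to current upstream" does not match the version recorded elsewhere in this commit. 1.5.4-1+deb12u1 keeps the 1.5.4 upstream version, while the fixes are tagged 1.6.3 and 1.6.4. The commit message "fort-validator spu" does not record that change of approach, so a line saying the update is a targeted fix on 1.5.4 rather than an upstream bump would help later readers.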


=====================================
data/next-point-update.txt
=====================================
@@ -152,3 +152,17 @@ CVE-2024-11053
 	[bookworm] - curl 7.88.1-10+deb12u10
 CVE-2025-22145
 	[bookworm] - php-nesbot-carbon 2.65.0-1+deb12u1
+CVE-2024-45234
+	[bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45235
+	[bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45236
+	[bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45237
+	[bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45238
+	[bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45239
+	[bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-48943
+	[bookworm] - fort-validator 1.5.4-1+deb12u1
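Review bot: The last added entry, CVE-2024-48943, is listed with the same 1.5.4-1+deb12u1 version as the other six, but data/CVE/list shows it fixed upstream in 1.6.4 by a separate commit (4ee88d1c...), while the others were fixed in 1.6.3. Please check that the bookworm upload carries that later fix as well before recording it here.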



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05e2a117d821062a078d3a34281353cf1c12adbc
