[Git][security-tracker-team/security-tracker][master] 3 commits: Add patch links for CVE-2024-10394 (OPENAFS-SA-2024-001)

[Daniel Leidert (@dleidert)]

Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b125b609 by Daniel Leidert at 2025-01-02T21:54:28+01:00
Add patch links for CVE-2024-10394 (OPENAFS-SA-2024-001)

- - - - -
39b8ae04 by Daniel Leidert at 2025-01-02T21:54:38+01:00
Add patch links for CVE-2024-10396 (OPENAFS-SA-2024-002)

- - - - -
5bb34ffa by Daniel Leidert at 2025-01-02T21:54:39+01:00
Add patch links for CVE-2024-10397 (OPENAFS-SA-2024-003)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13878,14 +13878,40 @@ CVE-2024-10397 (A malicious server can crash the OpenAFS cache manager and other
 	- openafs 1.8.13-1 (bug #1087406; bug #1087407)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2024-003.txt
 	NOTE: https://lists.openafs.org/pipermail/openafs-devel/2024-November/020961.html
+	NOTE: https://www.openafs.org/pages/security/openafs-sa-2024-003-stable16.patch (v1.6.25)
+	NOTE: https://www.openafs.org/pages/security/openafs-sa-2024-003-stable18.patch (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=40440c3eb628ff1772588bdc99d7496292097bbd (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=c18640c6b98b10cd6f78c63195ff822689cb5348 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=d253a52d3b59bd691eae8863ea2f06d99ad18550 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=0ff2cd9e0f5656e8327c5fe47935998de3669678 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=a82212ab20f0635a40c52648a52a1e9eaccc4937 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=25ad3931d5c03ead625a96e6b626febeb3e20453 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=4871f8ad2775e97bb85ff7efc33a4ad8d3f6d9d1 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=37e585f0841803cdf3a1f99770034890ba162d7c (v1.8.13)
 CVE-2024-10396 (An authenticated user can provide a malformed ACL to the fileserver's  ...)
 	- openafs 1.8.13-1 (bug #1087406; bug #1087407)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2024-002.txt
 	NOTE: https://lists.openafs.org/pipermail/openafs-devel/2024-November/020961.html
+	NOTE: https://www.openafs.org/pages/security/openafs-sa-2024-002-stable16.patch (v1.6.25)
+	NOTE: https://www.openafs.org/pages/security/openafs-sa-2024-002-stable18.patch (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=a07e50726df09c49dfe7b953c3e49eb98f310c09 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=f74f960a18f559e683d6a1f5104e43c3ca93ecb8 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=1e6e813188ecce62eb7af19385d911f63469bdb6 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=d66caf8c04878724001839317637445708edef2c (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=ee020f7cba7d82bc3d4b468210b5052af53c5db5 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=bb01d76a2095baa65880bdc5d504e7a198958265 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=64068705b15661a8d4e0b9f9f2ad4aec34ed51a7 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=a96a3160f5425125588f39f5ac612df3ef9b9a8a (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=a9ede52673b8c8abbfc2577ac6987a8a5686206f (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=21941c0ab2d28fa3a074f46e4d448d518a7c1b8a (v1.8.13)
 CVE-2024-10394 (A local user can bypass the OpenAFS PAG (Process Authentication Group) ...)
 	- openafs 1.8.13-1 (bug #1087406; bug #1087407)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2024-001.txt
 	NOTE: https://lists.openafs.org/pipermail/openafs-devel/2024-November/020961.html
+	NOTE: https://www.openafs.org/pages/security/openafs-sa-2024-001-stable16.patch (v1.6.26)
+	NOTE: https://www.openafs.org/pages/security/openafs-sa-2024-001-stable18.patch (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=20c22347b41eea2ebbdc0ab15f16c822af44df51 (v1.8.13)
+	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=57b655e4837d8660ebcc25d95efb09118adaff07 (v1.8.13)
 CVE-2024-9999 (In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implem ...)
 	NOT-FOR-US: Progress WS_FTP Server
 CVE-2024-9998



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0b8e20c36638bbcfbcd38df4efddf963b5f623d...5bb34ffaaf3c5fb050262b40ac639576512f6d08

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0b8e20c36638bbcfbcd38df4efddf963b5f623d...5bb34ffaaf3c5fb050262b40ac639576512f6d08
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250102/d1391a2a/attachment-0001.htm>