[Git][security-tracker-team/security-tracker][master] Update information on CVE-2024-4109
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 15 12:39:01 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8cb1b18c by Salvatore Bonaccorso at 2025-01-15T13:38:44+01:00
Update information on CVE-2024-4109
Upstream did revisit the decision and is providing a fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9041,12 +9041,11 @@ CVE-2024-52901 (IBM InfoSphere Information Server 11.7 could allow an authentica
CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can perform a ...)
NOT-FOR-US: Scan2Net
CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from a prev ...)
- - undertow <unfixed> (unimportant)
+ - undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2272325
NOTE: https://github.com/undertow-io/undertow/pull/1668
NOTE: https://issues.redhat.com/browse/UNDERTOW-2451
- NOTE: Marked upstream as 'not a bug' given there are no leakages in the classes
- NOTE: covered by the pull request #1668 upstream. No security impact.
+ NOTE: Fixed by: https://github.com/undertow-io/undertow/pull/1715
CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog allows a ...)
NOT-FOR-US: Microsoft
CVE-2024-49071 (Improper authorization of an index that contains sensitive information ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb1b18c30f22de7a70239be0409dbeca5385c60
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb1b18c30f22de7a70239be0409dbeca5385c60
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250115/3b69e724/attachment.htm>
More information about the debian-security-tracker-commits
mailing list