[Git][security-tracker-team/security-tracker][master] Update information on CVE-2024-5187/onnx

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 23 20:28:11 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6bc333f5 by Salvatore Bonaccorso at 2025-01-23T21:27:43+01:00
Update information on CVE-2024-5187/onnx

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61977,12 +61977,13 @@ CVE-2024-5206 (A sensitive data leakage vulnerability was identified in scikit-l
 CVE-2024-5188 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5187 (A vulnerability in the `download_model_with_test_data` function of the ...)
-	- onnx <unfixed> (bug #1075852)
+	- onnx 1.16.2-1 (bug #1075852)
 	[bookworm] - onnx <no-dsa> (Minor issue)
 	[bullseye] - onnx <no-dsa> (Minor issue)
 	NOTE: https://huntr.com/bounties/50235ebd-3410-4ada-b064-1a648e11237e
 	NOTE: https://github.com/onnx/onnx/pull/6164
-	NOTE: https://github.com/onnx/onnx/commit/3fc3845edb048df559aa2a839e39e95503a0ee34
+	NOTE: https://github.com/onnx/onnx/commit/3fc3845edb048df559aa2a839e39e95503a0ee34 (v1.17.0)
+	NOTE: https://github.com/onnx/onnx/commit/84051888d0943883a0edbf683f68c05ca3b28c40 (v1.16.2)
 CVE-2024-5186 (A Server-Side Request Forgery (SSRF) vulnerability exists in the file  ...)
 	NOT-FOR-US: privategpt
 CVE-2024-5133 (In lunary-ai/lunary version 1.2.4, an account takeover vulnerability e ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bc333f5fb2a3e5be329d25627187afd61ea29a0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bc333f5fb2a3e5be329d25627187afd61ea29a0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250123/c05aa30c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list