[Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 28 20:44:40 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18a74861 by Salvatore Bonaccorso at 2025-01-28T21:44:23+01:00
Process one NFU

- - - - -
55954f1f by Salvatore Bonaccorso at 2025-01-28T21:44:23+01:00
Add CVE-2024-45340/go

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,7 +47,7 @@ CVE-2024-8401 (CWE-79: Improper Neutralization of Input During Web Page Generati
 CVE-2024-7881 (An unprivileged context can trigger a data memory-dependent prefetch e ...)
 	TODO: check
 CVE-2024-6351 (A malformed packet can cause a buffer overflow in the NWK/APS layer of ...)
-	TODO: check
+	NOT-FOR-US: Ember ZNet
 CVE-2024-40677 (In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is  ...)
 	TODO: check
 CVE-2024-40676 (In checkKeyIntent of AccountManagerService.java, there is a possible w ...)
@@ -301,7 +301,12 @@ CVE-2024-53881 (NVIDIA vGPU software contains a vulnerability in the host driver
 CVE-2024-48662 (Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (47 ...)
 	NOT-FOR-US: AdGuard Application
 CVE-2024-45340 (Credentials provided via the new GOAUTH feature were not being properl ...)
-	TODO: check
+	- golang-1.24 1.24~rc2-1
+	NOTE: https://go-review.googlesource.com/c/go/+/643097
+	NOTE: https://github.com/golang/go/issues/71249
+	NOTE: https://github.com/golang/go/commit/139d6eedae38f9e8bc81bb2c8c5c2c75d12853ab (maser)
+	NOTE: https://github.com/golang/go/commit/8336dfde7096ff75c1ff256cb3079863cefac33a (go1.24rc2)
+	TODO: check older branches
 CVE-2024-45339 (When logs are written to a widely-writable directory (the default), an ...)
 	TODO: check
 CVE-2024-44172 (A privacy issue was addressed with improved private data redaction for ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a6a6c45e15c6029b418c83f8b589b017774c2f7f...55954f1f3aca53dd2843c1b500b55ba1ed8a2431

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a6a6c45e15c6029b418c83f8b589b017774c2f7f...55954f1f3aca53dd2843c1b500b55ba1ed8a2431
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250128/fb214421/attachment.htm>

More information about the debian-security-tracker-commits mailing list