[Git][security-tracker-team/security-tracker][master] Separate CVE assigned for RUSTSEC-2024-0437 issue

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 5 10:01:07 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1e1fd73 by Salvatore Bonaccorso at 2025-07-05T11:00:31+02:00
Separate CVE assigned for RUSTSEC-2024-0437 issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,10 @@ CVE-2025-7068 (A vulnerability, which was classified as problematic, has been fo
 	- hdf5 <unfixed>
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5578
 CVE-2025-53605 (The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion ...)
-	TODO: check
+	- rust-protobuf <unfixed> (bug #1103833)
+	[bookworm] - rust-protobuf <no-dsa> (Minor issue)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0437.html
+	NOTE: https://github.com/stepancheg/rust-protobuf/issues/749
 CVE-2025-53604 (The web-push crate before 0.10.3 for Rust allows a denial of service ( ...)
 	TODO: check
 CVE-2025-53603 (In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHas ...)
@@ -88592,16 +88595,12 @@ CVE-2024-7254 (Any project that parses untrusted Protocol Buffers datacontaining
 	- protobuf <unfixed> (bug #1082381)
 	[bookworm] - protobuf <no-dsa> (Minor issue)
 	[bullseye] - protobuf <postponed> (Minor issue)
-	- rust-protobuf <unfixed> (bug #1103833)
-	[bookworm] - rust-protobuf <no-dsa> (Minor issue)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1 (v3.25.5)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b (v3.25.5)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b (v3.25.5)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/f000b7e18fd6921ca02ea4b87608e8cadcb7b64f (v3.25.5)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/b5a7cf7cf4b7e39f6b02205e45afe2104a7faf81 (v3.25.5)
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0437.html
 	NOTE: https://github.com/advisories/GHSA-735f-pc8j-v9w8
-	NOTE: https://github.com/stepancheg/rust-protobuf/issues/749
 CVE-2024-47089 (This vulnerability exists in the Apex Softcell LD Geo due to improper  ...)
 	NOT-FOR-US: Apex Softcell LD Geo
 CVE-2024-47088 (This vulnerability exists in Apex Softcell LD Geo due to missing restr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1e1fd73dd526e9a1823066f8c74929ae529e0a0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1e1fd73dd526e9a1823066f8c74929ae529e0a0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250705/a3389041/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list