[Git][security-tracker-team/security-tracker][master] CVE-2024-58262/rust-curve25519-dalek assigned

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 28 21:18:21 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e633fc8 by Salvatore Bonaccorso at 2025-07-28T22:17:49+02:00
CVE-2024-58262/rust-curve25519-dalek assigned

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -331,8 +331,6 @@ CVE-2025-8226 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It
 	NOT-FOR-US: yanyutao0402 ChanCMS
 CVE-2024-58263 (The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows  ...)
 	NOT-FOR-US: cosmwasm-std Rust crate
-CVE-2024-58262 (The curve25519-dalek crate before 4.1.3 for Rust has a constant-time o ...)
-	TODO: check
 CVE-2024-58261 (The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infi ...)
 	TODO: check
 CVE-2025-8225 (A vulnerability was found in GNU Binutils 2.44 and classified as probl ...)
@@ -118027,9 +118025,10 @@ CVE-2024-38619 (In the Linux kernel, the following vulnerability has been resolv
 	{DSA-5731-1 DSA-5730-1 DLA-4008-1}
 	- linux 6.9.7-1
 	NOTE: https://git.kernel.org/linus/16637fea001ab3c8df528a8995b3211906165a30 (6.10-rc4)
-CVE-2024-XXXX [RUSTSEC-2024-0344]
+CVE-2024-58262 [RUSTSEC-2024-0344]
 	- rust-curve25519-dalek 4.1.3+20240618+dfsg-1 (bug #1074351)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0344.html
+	NOTE: https://github.com/dalek-cryptography/curve25519-dalek/pull/659
 CVE-2024-5676 (The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to  ...)
 	NOT-FOR-US: Paradox IP150 Internet Module
 CVE-2024-4632 (The WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create H ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e633fc82d79555e3245701c14ca6f9f4b49930e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e633fc82d79555e3245701c14ca6f9f4b49930e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250728/869bfe5b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list