[Git][security-tracker-team/security-tracker][master] Add ATS commit references
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Mar 6 09:18:18 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2cdc8285 by Moritz Muehlenhoff at 2025-03-06T10:17:56+01:00
Add ATS commit references
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,19 @@
CVE-2024-56202 [Expect header field can unreasonably retain resource]
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
+ NOTE: https://github.com/apache/trafficserver/commit/1cca4a29520f9258be6c3fad5092939dbe9d3562 (9.2.9-rc0)
CVE-2024-56196 [ACL is not fully compatible with older versions]
- trafficserver <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
+ NOTE: https://github.com/apache/trafficserver/commit/0f5598a0587ee5968ecb0ed39c3e581215b8a3ce (9.2.9-rc0)
CVE-2024-56195 [Intercept plugins are not access controlled]
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
+ NOTE: https://github.com/apache/trafficserver/commit/483f84ea4ae2511834abd90014770b27a5082a4c (9.2.9-rc0)
CVE-2024-38311 [Request smuggling via pipelining after a chunked message body]
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
+ NOTE: https://github.com/apache/trafficserver/commit/a16c4b6bb0b126047c68dafbdf6311ac1586fc0b (9.2.9-rc0)
CVE-2025-27625 (In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects start ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-27624 (A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cdc828569c8ae7305ca16cd483f21e477643ddd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cdc828569c8ae7305ca16cd483f21e477643ddd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250306/ac15fbd1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list