[Git][security-tracker-team/security-tracker][master] Reserve DLA-4084-1 for libmodbus
Andreas Henriksson (@ah)
gitlab at salsa.debian.org
Tue Mar 11 14:44:42 GMT 2025
Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf27aee5 by Andreas Henriksson at 2025-03-11T15:43:46+01:00
Reserve DLA-4084-1 for libmodbus
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -78604,21 +78604,18 @@ CVE-2024-4160 (The Download Manager plugin for WordPress is vulnerable to Stored
NOT-FOR-US: WordPress plugin
CVE-2024-36845 (An invalid pointer in the modbus_receive() function of libmodbus v3.1. ...)
- libmodbus 3.1.6-2.1 (bug #1074422)
- [bullseye] - libmodbus <no-dsa> (Minor issue)
[buster] - libmodbus <postponed> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/issues/750
NOTE: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
NOTE: Same fix as CVE-2022-0367 (and potentially a duplicate)
CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free via the ct ...)
- libmodbus 3.1.6-2.1 (bug #1074422)
- [bullseye] - libmodbus <no-dsa> (Minor issue)
[buster] - libmodbus <postponed> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/issues/749
NOTE: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
NOTE: Same fix as CVE-2022-0367 (and potentially a duplicate)
CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via the mod ...)
- libmodbus 3.1.6-2.1 (bug #1074422)
- [bullseye] - libmodbus <no-dsa> (Minor issue)
[buster] - libmodbus <postponed> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/issues/748
NOTE: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
@@ -261755,7 +261752,6 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...)
{DLA-3098-1}
- libmodbus 3.1.6-2.1 (bug #1021270)
- [bullseye] - libmodbus <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
NOTE: https://github.com/stephane/libmodbus/issues/614
NOTE: Fixed by: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Mar 2025] DLA-4084-1 libmodbus - security update
+ {CVE-2022-0367 CVE-2024-10918 CVE-2024-36843 CVE-2024-36844 CVE-2024-36845}
+ [bullseye] - libmodbus 3.1.6-2+deb11u1
[11 Mar 2025] DLA-4083-1 squid - security update
{CVE-2024-25111 CVE-2024-37894 CVE-2024-45802}
[bullseye] - squid 4.13-10+deb11u4
=====================================
data/dla-needed.txt
=====================================
@@ -147,9 +147,6 @@ libcap2 (Chris Lamb)
libdatetime-timezone-perl (Emilio)
NOTE: 20250303: Added by pochu
--
-libmodbus (ah)
- NOTE: 20250303: Added by Front-Desk (rouca)
---
libnet-easytcp-perl
NOTE: 20250117: Added by Front-Desk (rouca)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf27aee5a8084c4887f1df90d124a4feeacbd45c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf27aee5a8084c4887f1df90d124a4feeacbd45c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250311/be9666b0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list