[Git][security-tracker-team/security-tracker][master] Update references for CVE-2024-12905
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 28 19:25:51 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c72eb0c by Salvatore Bonaccorso at 2025-03-28T20:25:11+01:00
Update references for CVE-2024-12905
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -545,6 +545,8 @@ CVE-2024-55070 (A Broken Object Level Authorization vulnerability in the compone
NOT-FOR-US: hay-kot mealie
CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link Following") and ...)
- node-tar-fs <unfixed> (bug #1101501)
+ NOTE: https://github.com/advisories/GHSA-pq67-2wwv-3xjx
+ NOTE: https://github.com/mafintosh/tar-fs/commit/fd1634e869e7c5f85948e95eabdaa8451a085de5 (v2.1.2)
NOTE: https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed (v3.0.7)
CVE-2023-38272 (IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5 ...)
NOT-FOR-US: IBM
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c72eb0cb0ca92146ca91d6ab2d5e44f8250b642
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c72eb0cb0ca92146ca91d6ab2d5e44f8250b642
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250328/537c21fa/attachment.htm>
More information about the debian-security-tracker-commits
mailing list