[Git][security-tracker-team/security-tracker][master] more rust-wasmtime assignments

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 2 15:13:30 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7edff5e by Moritz Mühlenhoff at 2025-05-02T16:13:01+02:00
more rust-wasmtime assignments

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -56762,7 +56762,8 @@ CVE-2024-52043 (Generation of Error Message Containing Sensitive Informationin H
 CVE-2024-51756 (The cap-std project is organized around the eponymous `cap-std` crate, ...)
 	NOT-FOR-US: Rust crate cap-std
 CVE-2024-51745 (Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's file ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime 26.0.1+dfsg-1
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0438.html
 CVE-2024-51358 (An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to  ...)
 	NOT-FOR-US: Linux Server Heimdall
 CVE-2024-51116 (Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflo ...)
@@ -179279,7 +179280,8 @@ CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with
 CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer Data Pla ...)
 	NOT-FOR-US: rudder-server
 CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6. ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0092.html
 CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2,  ...)
 	NOT-FOR-US: embano1/wip GitHub Action
 CVE-2023-30622 (Clusternet is a general-purpose system for controlling Kubernetes clus ...)
@@ -192006,7 +192008,8 @@ CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When
 CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers linked ...)
 	NOT-FOR-US: mailcow
 CVE-2023-26489 (wasmtime is a fast and secure runtime for WebAssembly. In affected ver ...)
-	NOT-FOR-US: wasmtime
+ 	- rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0090.html
 CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
 	NOT-FOR-US: OpenZeppelin
 CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creating, sa ...)
@@ -257896,7 +257899,8 @@ CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides drop-i
 	NOTE: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3
 	NOTE: Fixed by: https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd (1.19.5)
 CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in th ...)
-	NOT-FOR-US: wasmtime
+ 	- rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0100.html
 CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...)
 	NOT-FOR-US: FlyteAdmin
 CVE-2022-31144 (Redis is an in-memory database that persists on disk. A specially craf ...)
@@ -281248,7 +281252,8 @@ CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-sit
 CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
 	NOT-FOR-US: K-Box
 CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI. Prior to ve ...)
-	NOT-FOR-US: wasmtime
+	- rust-wasmtime <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0096.html
 CVE-2022-23635 (Istio is an open platform to connect, manage, and secure microservices ...)
 	NOT-FOR-US: Istio
 CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma`  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7edff5efb4e9f49ebba9fa7b8977ef95d8d82fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7edff5efb4e9f49ebba9fa7b8977ef95d8d82fa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250502/80877531/attachment.htm>

More information about the debian-security-tracker-commits mailing list