[Git][security-tracker-team/security-tracker][master] llama.cpp is in the archive now

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 9 11:39:51 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37c6631a by Moritz Muehlenhoff at 2025-05-09T12:39:41+02:00
llama.cpp is in the archive now

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81059,11 +81059,11 @@ CVE-2024-42481 (Skyport Daemon (skyportd) is the daemon for the Skyport Panel. B
 CVE-2024-42480 (Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions ...)
 	NOT-FOR-US: Kamaji
 CVE-2024-42479 (llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer m ...)
-	NOT-FOR-US: ggerganov/llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-42478 (llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer m ...)
-	NOT-FOR-US: ggerganov/llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-42477 (llama.cpp provides LLM inference in C/C++. The unsafe `type` member in ...)
-	NOT-FOR-US: ggerganov/llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-42474 (Streamlit is a data oriented application development framework for pyt ...)
 	NOT-FOR-US: Streamlit
 CVE-2024-42167 (The function "generate_app_certificates" in controllers/saml2/saml2.js ...)
@@ -85728,7 +85728,7 @@ CVE-2024-41132 (ImageSharp is a 2D graphics API. A vulnerability discovered in t
 CVE-2024-41131 (ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability  ...)
 	NOT-FOR-US: ImageSharp
 CVE-2024-41130 (llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp c ...)
-	NOT-FOR-US: llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-41129 (The ops library is a Python framework for developing and testing Kuber ...)
 	NOT-FOR-US: operator python module (Pure Python framework for writing Juju charms)
 CVE-2024-40634 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
@@ -113953,7 +113953,7 @@ CVE-2024-32883 (MCUboot is a secure bootloader for 32-bits microcontrollers. MCU
 CVE-2024-32881 (Danswer is the AI Assistant connected to company's docs, apps, and peo ...)
 	NOT-FOR-US: Danswer
 CVE-2024-32878 (Llama.cpp is LLM inference in C/C++. There is a use of uninitialized h ...)
-	NOT-FOR-US: llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-31828 (Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows att ...)
 	NOT-FOR-US: Lavalite CMS
 CVE-2024-31741 (Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote a ...)
@@ -132702,9 +132702,9 @@ CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion Prev
 	NOTE: https://github.com/OISF/suricata/commit/b0d762d2675a2441b74e039d54bfa5b050641f8e (suricata-7.0.3)
 	NOTE: https://github.com/OISF/suricata/commit/61a32360eba3c032de51029a05515ab46690286f (suricata-7.0.3)
 CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	NOT-FOR-US: llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	NOT-FOR-US: llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...)
 	NOT-FOR-US: Tencent Blueking CMDB
 CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...)
@@ -132714,11 +132714,11 @@ CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 S
 	NOTE: https://github.com/jetty/jetty.project/issues/11256
 	NOTE: Fixed by: https://github.com/jetty/jetty.project/commit/86586df0a8a4d9c6b5af9a621ad1adf1b494d39b (jetty-9.4.54.v20240208)
 CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	NOT-FOR-US: llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	NOT-FOR-US: llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	NOT-FOR-US: llama.cpp
+	- llama.cpp <not-affected> (Fixed before initial upload)
 CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <= 2.1.0 coul ...)
 	NOT-FOR-US: Showdownjs
 CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link to an au ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37c6631a36a60b3a30fb9dbd5d5614f74fd79c84

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37c6631a36a60b3a30fb9dbd5d5614f74fd79c84
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250509/cb6afb36/attachment.htm>

More information about the debian-security-tracker-commits mailing list