[Git][security-tracker-team/security-tracker][master] CVE-2024-6501/network-manager: bullseye not-affected + introductory patch +...
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Mon May 19 22:00:52 BST 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db7ea938 by Sylvain Beucler at 2025-05-19T23:00:26+02:00
CVE-2024-6501/network-manager: bullseye not-affected + introductory patch + drop from dla-needed.txt
Introductory patch referenced in merged commit:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/c2cddd3241349c0d5612d7603261c182fbc6d7c3
nm_lldp_neighbor_parse() not present in bullseye.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -93720,10 +93720,11 @@ CVE-2024-33862 (A buffer-management vulnerability in OPC Foundation OPCFoundatio
CVE-2024-6501 (A flaw was found in NetworkManager. When a system running NetworkManag ...)
- network-manager 1.49.90-2 (bug #1076294)
[bookworm] - network-manager 1.42.4-1+deb12u1
- [bullseye] - network-manager <no-dsa> (Minor issue)
+ [bullseye] - network-manager <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295734
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1550
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2007
+ NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/630de288d2e4e01d9ed89218722c0f52b2173128 (1.41.4-dev)
NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/79c1f8c93ad620d02f61ffa49dd3df04fca48069 (1.49.5-dev)
CVE-2023-39329 (A flaw was found in OpenJPEG. A resource exhaustion can occur in the o ...)
- openjpeg2 <unfixed> (bug #1081910)
=====================================
data/dla-needed.txt
=====================================
@@ -261,10 +261,6 @@ nagvis
net-tools (Adrian Bunk)
NOTE: 20250515: Added by Front-Desk (apo)
--
-network-manager
- NOTE: 20250519: Added by Front-Desk (Beuc)
- NOTE: 20250519: Follow fixes from bookworm 12.11 (CVE-2024-6501) (Beuc/front-desk)
---
nginx
NOTE: 20250207: Added by Front-Desk (apo)
NOTE: 20250327: The fix for CVE-2020-36309 still needs testing (andrewsh)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db7ea938bba66ef1f9d30f8d96134a734057d1cc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db7ea938bba66ef1f9d30f8d96134a734057d1cc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250519/1d2e37fd/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list