[Git][security-tracker-team/security-tracker][master] 2 commits: Unify style of notes
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 26 07:58:31 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ff5f96d7 by Salvatore Bonaccorso at 2025-10-26T08:56:42+01:00
Unify style of notes
- - - - -
64a3870e by Salvatore Bonaccorso at 2025-10-26T08:57:19+01:00
Add information on upstream versions
Thanks: Daniel Leidert for spotting the initial attempt for addressing
the issue and adding the pre-requisite changes on the CVE fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -55577,8 +55577,8 @@ CVE-2024-13009 (In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorr
- jetty <not-affected> (Only affects 9.x)
NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5
NOTE: https://gitlab.eclipse.org/security/cve-assignement/-/issues/48
- NOTE: Fixed by commit https://github.com/jetty/jetty.project/commit/e3fa9466633db6bf36e0eb0d17e3de166c788ede (jetty-9.4.57.v20241219)
- NOTE: Pull request https://github.com/jetty/jetty.project/pull/12648 (jetty-9.4.57.v20241219)
+ NOTE: Fixed by: https://github.com/jetty/jetty.project/commit/e3fa9466633db6bf36e0eb0d17e3de166c788ede (jetty-9.4.57.v20241219)
+ NOTE: https://github.com/jetty/jetty.project/pull/12648 (jetty-9.4.57.v20241219)
CVE-2024-12378 (On affected platforms running Arista EOS with secure Vxlan configured, ...)
NOT-FOR-US: Arista Networks
CVE-2024-11186 (On affected versions of the CloudVision Portal, improper access contro ...)
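Review bot: the second added NOTE line (pull/12648) repeats the tag jetty-9.4.57.v20241219 that the "Fixed by:" line directly above it already carries, and with the "Pull request" prefix gone nothing on that line says how the URL relates to the fix. If the pull request is the one that delivered commit e3fa9466..., keep the tag on the "Fixed by:" line only and leave the pull-request URL bare, like the two advisory URLs above it. Otherwise a short qualifier on the line would make the relation clear.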
@@ -212154,8 +212154,8 @@ CVE-2023-5752 (When installing a package from a Mercurial VCS URL (ie "pip inst
- python-pip 23.3+dfsg-1
[bookworm] - python-pip <no-dsa> (Minor issue)
[buster] - python-pip <no-dsa> (Minor issue)
- NOTE: https://github.com/pypa/pip/pull/12119
- NOTE: https://github.com/pypa/pip/pull/12306
+ NOTE: https://github.com/pypa/pip/pull/12119 (23.2)
+ NOTE: https://github.com/pypa/pip/pull/12306 (23.3)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
CVE-2023-5311 (The WP EXtra plugin for WordPress is vulnerable to unauthorized modifi ...)
NOT-FOR-US: WordPress plugin
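Review bot: the two pull-request NOTE lines now carry different upstream versions, (23.2) and (23.3), but neither says which one is the initial attempt with the pre-requisite changes and which one is the fix, although the commit message makes that distinction. The python-pip line records 23.3+dfsg-1 as fixed, and bookworm and buster are marked <no-dsa>, so anyone later preparing a backport has to work out from the versions alone that both changes may be needed. Consider a short label on each line, in the style of the "Fixed by:" prefix used for CVE-2024-13009, for example marking pull/12119 as the pre-requisite and pull/12306 as the fix if that is the intended reading.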
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bf3d524d63cc310c92b0db7147e476385ea6ba9a...64a3870e40cc72163ef7a8913ccfbca81731c2c6