[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-2990{2,3}/cosign

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 10 08:59:45 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55a8bfbd by Salvatore Bonaccorso at 2026-01-10T09:59:12+01:00
Update status for CVE-2024-2990{2,3}/cosign

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -203707,9 +203707,13 @@ CVE-2024-30728
 CVE-2024-2966 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-29903 (Cosign provides code signing and transparency for containers and binar ...)
-	NOT-FOR-US: Cosign
+	- cosign <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv
+	NOTE: Fixed by: https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e (v2.2.4)
 CVE-2024-29902 (Cosign provides code signing and transparency for containers and binar ...)
-	NOT-FOR-US: Cosign
+	- cosign <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc
+	NOTE: Fixed by: https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e (v2.2.4)
 CVE-2024-29504 (Cross Site Scripting vulnerability in Summernote v.0.8.18 and before a ...)
 	NOT-FOR-US: Summernote
 CVE-2024-29460 (An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55a8bfbdee680afbce0a7cade501d9ecc9b473f6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55a8bfbdee680afbce0a7cade501d9ecc9b473f6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260110/0913b1df/attachment.htm>

More information about the debian-security-tracker-commits mailing list