[Git][security-tracker-team/security-tracker][master] Add golang-github-theupdateframework-go-tuf for CVE-2024-47534

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 31 16:01:10 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51eb8c8d by Salvatore Bonaccorso at 2026-01-31T17:00:38+01:00
Add golang-github-theupdateframework-go-tuf for CVE-2024-47534

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -162971,8 +162971,11 @@ CVE-2024-47608 (Logicytics is designed to harvest and collect data for forensic
 CVE-2024-47604 (NuGet Gallery is a package repository that powers nuget.org. The NuGet ...)
 	NOT-FOR-US: NuGet Gallery
 CVE-2024-47534 (go-tuf is a Go implementation of The Update Framework (TUF). The go-tu ...)
+	- golang-github-theupdateframework-go-tuf <not-affected> (Vulnerable code not present)
 	- golang-github-endophage-gotuf <removed>
 	NOTE: https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-4f8r-qqr9-fq8j
+	NOTE: Introduced with: https://github.com/theupdateframework/go-tuf/commit/edc30b474f5afd4cc603e17149704d5aa605151d (v2.0.0)
+	NOTE: Fixed by: https://github.com/theupdateframework/go-tuf/commit/f36420caba9edbfdfd64f95a9554c0836d9cf819 (v2.0.1)
 CVE-2024-47071 (OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS En ...)
 	NOT-FOR-US: OSS Endpoint Manager
 CVE-2024-46276 (cute_png v1.05 was discovered to contain a heap buffer overflow via th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51eb8c8d8a7d179ff3e5cec7cb52c02d55553499

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51eb8c8d8a7d179ff3e5cec7cb52c02d55553499
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260131/fe17cdaa/attachment.htm>

More information about the debian-security-tracker-commits mailing list