[Git][security-tracker-team/security-tracker][master] mark nginx as unimportant

Moritz Muehlenhoff (@jmm) Fri, 31 May 2024 04:00:13 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d7512197 by Moritz Muehlenhoff at 2024-05-31T12:59:19+02:00
mark nginx as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -675,31 +675,35 @@ CVE-2024-35284 (A vulnerability in the legacy chat 
component of Mitel MiContact
 CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact 
Center Busi ...)
        NOT-FOR-US: Mitel
 CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
-       - nginx <unfixed>
+       - nginx <unfixed> (unimportant)
        [bookworm] - nginx <not-affected> (Vulnerable code not present)
        [bullseye] - nginx <not-affected> (Vulnerable code not present)
        [buster] - nginx <not-affected> (Vulnerable code not present)
        NOTE: 
https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
+       NOTE: HTTP3 not enabled in Debian build
 CVE-2024-34715 (Fides is an open-source privacy engineering platform. The 
Fides webser ...)
        NOT-FOR-US: Fides
 CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
-       - nginx <unfixed>
+       - nginx <unfixed> (unimportant)
        [bookworm] - nginx <not-affected> (Vulnerable code not present)
        [bullseye] - nginx <not-affected> (Vulnerable code not present)
        [buster] - nginx <not-affected> (Vulnerable code not present)
        NOTE: 
https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
+       NOTE: HTTP3 not enabled in Debian build
 CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
-       - nginx <unfixed>
+       - nginx <unfixed> (unimportant)
        [bookworm] - nginx <not-affected> (Vulnerable code not present)
        [bullseye] - nginx <not-affected> (Vulnerable code not present)
        [buster] - nginx <not-affected> (Vulnerable code not present)
        NOTE: 
https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
+       NOTE: HTTP3 not enabled in Debian build
 CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
-       - nginx <unfixed>
+       - nginx <unfixed> (unimportant)
        [bookworm] - nginx <not-affected> (Vulnerable code not present)
        [bullseye] - nginx <not-affected> (Vulnerable code not present)
        [buster] - nginx <not-affected> (Vulnerable code not present)
        NOTE: 
https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html
+       NOTE: HTTP3 not enabled in Debian build
 CVE-2024-28974 (Dell Data Protection Advisor, version(s) 19.9, contain(s) an 
Inadequat ...)
        NOT-FOR-US: Dell
 CVE-2024-28826 (Improper restriction of local upload and download paths in 
check_sftp  ...)
@@ -35043,17 +35047,19 @@ CVE-2024-25165 (A global-buffer-overflow 
vulnerability was found in SWFTools v0.
        - swftools <removed>
        NOTE: https://github.com/matthiaskramm/swftools/issues/217
 CVE-2024-24990 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
-       - nginx 1.26.0-1
+       - nginx 1.26.0-1 (unimportant)
        [bookworm] - nginx <not-affected> (Vulnerable code not present)
        [bullseye] - nginx <not-affected> (Vulnerable code not present)
        [buster] - nginx <not-affected> (Vulnerable code not present)
        NOTE: 
https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html
+       NOTE: HTTP3 not enabled in Debian build
 CVE-2024-24989 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 
QUIC mod ...)
-       - nginx 1.26.0-1
+       - nginx 1.26.0-1 (unimportant)
        [bookworm] - nginx <not-affected> (Vulnerable code not present)
        [bullseye] - nginx <not-affected> (Vulnerable code not present)
        [buster] - nginx <not-affected> (Vulnerable code not present)
        NOTE: 
https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html
+       NOTE: HTTP3 not enabled in Debian build
 CVE-2024-24966 (When LDAP remote authentication is configured on F5OS, a 
remote user w ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2024-24775 (When a virtual server is enabled with VLAN group and SNAT 
listener is  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7512197aba361a48a53114718c1ce6a63ccfbed

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7512197aba361a48a53114718c1ce6a63ccfbed
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] mark nginx as unimportant

Reply via email to