[Git][security-tracker-team/security-tracker][master] Add CVE-2024-38394/gnome-settings-daemon (though disputed)

Sun, 16 Jun 2024 12:25:21 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbe9acb6 by Salvatore Bonaccorso at 2024-06-16T21:17:40+02:00
Add CVE-2024-38394/gnome-settings-daemon (though disputed)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,13 @@ CVE-2024-38427 (In International Color Consortium DemoIccMAX 
before 85ce74e, a l
 CVE-2024-38395 (In iTerm2 before 3.5.2, the "Terminal may report window title" 
setting ...)
        TODO: check
 CVE-2024-38394 (Mismatches in interpreting USB authorization policy between 
GNOME Sett ...)
-       TODO: check
+       - gnome-settings-daemon <unfixed>
+       NOTE: https://pulsesecurity.co.nz/advisories/usbguard-bypass
+       NOTE: https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780
+       NOTE: 
https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914
+       NOTE: As per Gnome upstream, consideration of a mitigation for the 
issue within
+       NOTE: gnome-settings-daemon would rather be a new feature but not a 
vulnerbility
+       NOTE: fixing. The CVE assignment is disputed upstream with this context.
 CVE-2024-6016 (A vulnerability, which was classified as critical, has been 
found in i ...)
        NOT-FOR-US: itsourcecode Online Laundry Management System
 CVE-2024-6015 (A vulnerability classified as critical was found in 
itsourcecode Onlin ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe9acb645acffb05a0d787a7e9a87f7cfc0f56c

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe9acb645acffb05a0d787a7e9a87f7cfc0f56c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to