[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-6716 as unimportant

Tue, 23 Jul 2024 22:48:48 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64351972 by Salvatore Bonaccorso at 2024-07-24T07:46:55+02:00
Mark CVE-2024-6716 as unimportant

Risk of OOM documented and following recommendations mitigate the
problems. So treat this as unimportant for now. Do not mark it as fixed
with the manpage update (which might be discussed to do, as this will be
the version including the recommendations in an offcial documentation).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2003,10 +2003,11 @@ CVE-2023-52885 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-6465 (The WP Links Page plugin for WordPress is vulnerable to 
unauthorized m ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6716 (A flaw was found in the libtiff library. An out-of-memory issue 
in the ...)
-       - tiff <unfixed>
+       - tiff <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2297636
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/620
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/553
+       NOTE: Negligible security impact if following 
documentation/recommendations
 CVE-2024-6574 (The Laposta plugin for WordPress is vulnerable to Full Path 
Disclosure ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6070 (The If-So Dynamic Content Personalization WordPress plugin 
before 1.8. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64351972f9a5938524c44201794a90802e489d9e

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64351972f9a5938524c44201794a90802e489d9e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to