Arturo Borrero González pushed to branch master at Debian Security Tracker / security-tracker
Commits: 551af19f by Arturo Borrero Gonzalez at 2024-09-23T22:13:20+02:00 CVE-2024-6609: bullseye: mark as fixed in nss > 3.61 The upstream source code for nss starting with 3.61 contains the fix. See also: * https://security-tracker.debian.org/tracker/CVE-2024-6609 * https://searchfox.org/nss/rev/ba9330537e6e94971de8b9bc49460891b23afd4f/lib/freebl/ec.c#379-382 * https://sources.debian.org/src/nss/2%3A3.61-1%2Bdeb11u3/nss/lib/freebl/ec.c/#L372 Signed-off-by: Arturo Borrero Gonzalez <[email protected]> - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -18094,6 +18094,7 @@ CVE-2024-6610 (Form validation popups could capture escape key presses. Therefor CVE-2024-6609 (When almost out-of-memory an elliptic curve key which was never alloca ...) - firefox 128.0-1 - nss 2:3.101-1 + [bullseye] - nss 2:3.61-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6609 NOTE: To address CVE in older versions of src:nss what is needed is to add the error NOTE: handling code (confirmed by upstream): View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551af19f2e7b6aaeb1a28f0b3b2dc608ce7d2dd3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551af19f2e7b6aaeb1a28f0b3b2dc608ce7d2dd3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
