Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8397ad9e by Salvatore Bonaccorso at 2024-11-20T20:53:20+01:00
Remove todo item for CVE-2024-49761

It was confirmed in the LTS triage for bullseye that indeed the older
versions were affected as well. Drop the TODO item now, as the status is
back to being correct.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7645,8 +7645,6 @@ CVE-2024-49761 (REXML is an XML toolkit for Ruby. The 
REXML gem before 3.3.9 has
        NOTE: 
https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
        NOTE: 
https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f 
(v3.3.9)
        NOTE: 
https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/
-       TODO: double-check, advisory claims ruby 3.2 and above are not 
affected, but current versions in unstable do not include rexml 3.3.9 yet but 
earlier versions
-       NOTE: Conversely the vulnerable code appears to be present in old 2.x 
branches
 CVE-2024-49755 (Duende IdentityServer is an OpenID Connect and OAuth 2.x 
framework for ...)
        NOT-FOR-US: Duende IdentityServer
 CVE-2024-48826 (Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication 
command  ...)
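
Review bot: The removed "NOTE: Conversely the vulnerable code appears to be present in old 2.x branches" at the end of the CVE-2024-49761 entry was the only visible in-file record that older versions are affected, and nothing replaces it. Since the commit message says this was confirmed in the LTS triage for bullseye, consider keeping a NOTE that records the confirmation, so the reasoning for the status stays with the entry rather than only in the commit history. The removed TODO also raised that current versions in unstable do not include rexml 3.3.9 yet, which the commit message does not mention; it would help to state whether that part was checked as well.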



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8397ad9e40928429e5a43c6e53118d3c567e28f3
