Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8cb1b18c by Salvatore Bonaccorso at 2025-01-15T13:38:44+01:00
Update information on CVE-2024-4109
Upstream did revisit the decision and is providing a fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9041,12 +9041,11 @@ CVE-2024-52901 (IBM InfoSphere Information Server 11.7
could allow an authentica
CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can
perform a ...)
NOT-FOR-US: Scan2Net
CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from
a prev ...)
- - undertow <unfixed> (unimportant)
+ - undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2272325
NOTE: https://github.com/undertow-io/undertow/pull/1668
NOTE: https://issues.redhat.com/browse/UNDERTOW-2451
- NOTE: Marked upstream as 'not a bug' given there are no leakages in the
classes
- NOTE: covered by the pull request #1668 upstream. No security impact.
+ NOTE: Fixed by: https://github.com/undertow-io/undertow/pull/1715
CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog
allows a ...)
NOT-FOR-US: Microsoft
CVE-2024-49071 (Improper authorization of an index that contains sensitive
information ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb1b18c30f22de7a70239be0409dbeca5385c60
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cb1b18c30f22de7a70239be0409dbeca5385c60
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
