[Git][security-tracker-team/security-tracker][master] fort-validator spu

Moritz Muehlenhoff (@jmm) Thu, 27 Feb 2025 07:26:40 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
05e2a117 by Moritz Mühlenhoff at 2025-02-27T16:25:50+01:00
fort-validator spu

- - - - -


3 changed files:

- data/CVE/list
- data/dsa-needed.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22364,6 +22364,7 @@ CVE-2024-56173 (In Optimizely Configured Commerce 
before 5.2.2408, malicious pay
 CVE-2024-48943
        {DLA-4066-1}
        - fort-validator 1.6.4-1
+       [bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
        NOTE: https://nicmx.github.io/FORT-validator/CVE.html
        NOTE: 
https://github.com/NICMx/FORT-validator/commit/4ee88d1c3fa7df763dd52312134cd93c1ce50870
 (1.6.4)
 CVE-2024-56170 (A validation integrity issue was discovered in Fort through 
1.6.4 befo ...)
@@ -53111,31 +53112,37 @@ CVE-2024-45240 (The TikTok (aka 
com.zhiliaoapp.musically) application before 34.
 CVE-2024-45239 (An issue was discovered in Fort before 1.6.3. A malicious RPKI 
reposit ...)
        {DLA-4066-1}
        - fort-validator 1.6.3-1
+       [bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
        NOTE: https://nicmx.github.io/FORT-validator/CVE.html
        NOTE: 
https://github.com/NICMx/FORT-validator/commit/942f921ba7244cdcf4574cedc4c16392a7cc594b
 (1.6.3)
 CVE-2024-45238 (An issue was discovered in Fort before 1.6.3. A malicious RPKI 
reposit ...)
        {DLA-4066-1}
        - fort-validator 1.6.3-1
+       [bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
        NOTE: https://nicmx.github.io/FORT-validator/CVE.html
        NOTE: 
https://github.com/NICMx/FORT-validator/commit/5689dea5e878fed28c5f338a27d7cda4151a14f1
 (1.6.3)
 CVE-2024-45237 (An issue was discovered in Fort before 1.6.3. A malicious RPKI 
reposit ...)
        {DLA-4066-1}
        - fort-validator 1.6.3-1
+       [bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
        NOTE: https://nicmx.github.io/FORT-validator/CVE.html
        NOTE: 
https://github.com/NICMx/FORT-validator/commit/939d988551d17996be73f52c376a70a3d6ba69f9
 (1.6.3)
 CVE-2024-45236 (An issue was discovered in Fort before 1.6.3. A malicious RPKI 
reposit ...)
        {DLA-4066-1}
        - fort-validator 1.6.3-1
+       [bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
        NOTE: https://nicmx.github.io/FORT-validator/CVE.html
        NOTE: 
https://github.com/NICMx/FORT-validator/commit/4dafbd9de64a5a0616af97365bc1751465b29d2e
 (1.6.3)
 CVE-2024-45235 (An issue was discovered in Fort before 1.6.3. A malicious RPKI 
reposit ...)
        {DLA-4066-1}
        - fort-validator 1.6.3-1
+       [bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
        NOTE: https://nicmx.github.io/FORT-validator/CVE.html
        NOTE: 
https://github.com/NICMx/FORT-validator/commit/b1eb3c507ae920859bbe294776ebc2bb30bb7e56
 (1.6.3)
 CVE-2024-45234 (An issue was discovered in Fort before 1.6.3. A malicious RPKI 
reposit ...)
        {DLA-4066-1}
        - fort-validator 1.6.3-1
+       [bookworm] - fort-validator <no-dsa> (Will be fixed via spu)
        NOTE: https://nicmx.github.io/FORT-validator/CVE.html
        NOTE: 
https://github.com/NICMx/FORT-validator/commit/521b1a0db5041258096fbabdf8fc1e10ecc793cf
 (1.6.3)
 CVE-2024-42340 (CyberArk - CWE-602: Client-Side Enforcement of Server-Side 
Security)


=====================================
data/dsa-needed.txt
=====================================
@@ -14,9 +14,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 emacs (jmm)
 --
-fort-validator
-  probably best to bump bookworm to current upstream
---
 frr
   coordination with the maintainer ongoing, Daniel Baumann proposing an update
 --


=====================================
data/next-point-update.txt
=====================================
@@ -152,3 +152,17 @@ CVE-2024-11053
        [bookworm] - curl 7.88.1-10+deb12u10
 CVE-2025-22145
        [bookworm] - php-nesbot-carbon 2.65.0-1+deb12u1
+CVE-2024-45234
+       [bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45235
+       [bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45236
+       [bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45237
+       [bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45238
+       [bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-45239
+       [bookworm] - fort-validator 1.5.4-1+deb12u1
+CVE-2024-48943
+       [bookworm] - fort-validator 1.5.4-1+deb12u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05e2a117d821062a078d3a34281353cf1c12adbc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05e2a117d821062a078d3a34281353cf1c12adbc
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] fort-validator spu

Reply via email to