Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
12c7b934 by Salvatore Bonaccorso at 2025-03-09T15:28:02+01:00
Track fixed version for CVE-2024-41147/miniaudio

- - - - -
9c57f3ad by Salvatore Bonaccorso at 2025-03-09T15:29:26+01:00
Revert "CVE-2025-22870"

This reverts commit 1d5f791d005926a07e6546d299235274558e7b88.

No need to duplicate this information which is plaintext from the
advisory from go.

Instead add a temporary description until the CVE feed gets an update.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1050,7 +1050,7 @@ CVE-2024-0141 (NVIDIA Hopper HGX for 8-GPU contains a 
vulnerability in the GPU v
        NOT-FOR-US: NVIDIA
 CVE-2024-0114 (NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX 
Manage ...)
        NOT-FOR-US: NVIDIA
-CVE-2025-22870
+CVE-2025-22870 [Matching of hosts against proxy patterns could improperly 
treat an IPv6 zone ID as a hostname component]
        - golang-1.24 1.24.1-1
        - golang-1.23 1.23.7-1
        - golang-1.19 <removed>
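
Review bot: The new description on the CVE-2025-22870 line is in square brackets, while the neighbouring entries (CVE-2024-0141, CVE-2024-0114) carry theirs in parentheses. The commit message calls this a temporary description until the CVE feed updates, so the difference looks intentional, but please confirm the bracketed form is the one that gets replaced once the feed description arrives, so the hand-written text does not linger next to it.
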
@@ -1059,8 +1059,6 @@ CVE-2025-22870
        NOTE: https://github.com/golang/go/issues/71984
        NOTE: Fixed by: 
https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a 
(go1.24.1)
        NOTE: Fixed by: 
https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7 
(go1.23.7)
-       NOTE: Matching of hosts against proxy patterns could improperly treat 
an IPv6 zone ID as a hostname component.
-       NOTE: For example, when the NO_PROXY environment variable was set to 
"*.example.com", a request to "[::1%25.example.com]:80` would incorrectly match 
and not be proxied.
 CVE-2025-1923 (Inappropriate implementation in Permission Prompts in Google 
Chrome pr ...)
        {DSA-5875-1}
        - chromium 134.0.6998.35-1
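
Review bot: Dropping the two NOTE lines after the "Fixed by" entries removes the only concrete illustration of the impact (the NO_PROXY "*.example.com" case) from the entry. That is acceptable as long as the golang/go issue link kept at the top of this hunk stays, since the commit message says the text was copied verbatim from the Go advisory. The removed example also had mismatched quoting (it opens with a double quote and closes with a backtick), so removing it rather than carrying it forward is reasonable.
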
@@ -1189,7 +1187,7 @@ CVE-2024-50705 (Unauthenticated reflected cross-site 
scripting (XSS) vulnerabili
 CVE-2024-50704 (Unauthenticated remote code execution vulnerability in 
Uniguest Triple ...)
        NOT-FOR-US: Uniguest Tripleplay
 CVE-2024-41147 (An out-of-bounds write vulnerability exists in the 
ma_dr_flac__decode_ ...)
-       - miniaudio <unfixed> (bug #1099609)
+       - miniaudio 0.11.22+dfsg-1 (bug #1099609)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2063
        NOTE: https://github.com/mackron/miniaudio/issues/961
        NOTE: Fixed by: 
https://github.com/mackron/miniaudio/commit/ee506b17ea25c6bcb58d79700cf0c015a2ad1b3e
 (0.11.22)
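
Review bot: On the miniaudio line, the new fixed version 0.11.22+dfsg-1 agrees with the upstream release named in the "Fixed by" NOTE (0.11.22), and the bug #1099609 reference is kept. No change requested here.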



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1d5f791d005926a07e6546d299235274558e7b88...9c57f3ad24735acf394f6d1631084ad175938654
