Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
51eb8c8d by Salvatore Bonaccorso at 2026-01-31T17:00:38+01:00
Add golang-github-theupdateframework-go-tuf for CVE-2024-47534
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -162971,8 +162971,11 @@ CVE-2024-47608 (Logicytics is designed to harvest
and collect data for forensic
CVE-2024-47604 (NuGet Gallery is a package repository that powers nuget.org.
The NuGet ...)
NOT-FOR-US: NuGet Gallery
CVE-2024-47534 (go-tuf is a Go implementation of The Update Framework (TUF).
The go-tu ...)
+ - golang-github-theupdateframework-go-tuf <not-affected> (Vulnerable
code not present)
- golang-github-endophage-gotuf <removed>
NOTE:
https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-4f8r-qqr9-fq8j
+ NOTE: Introduced with:
https://github.com/theupdateframework/go-tuf/commit/edc30b474f5afd4cc603e17149704d5aa605151d
(v2.0.0)
+ NOTE: Fixed by:
https://github.com/theupdateframework/go-tuf/commit/f36420caba9edbfdfd64f95a9554c0836d9cf819
(v2.0.1)
CVE-2024-47071 (OSS Endpoint Manager is an endpoint manager module for
FreePBX. OSS En ...)
NOT-FOR-US: OSS Endpoint Manager
CVE-2024-46276 (cute_png v1.05 was discovered to contain a heap buffer
overflow via th ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51eb8c8d8a7d179ff3e5cec7cb52c02d55553499
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51eb8c8d8a7d179ff3e5cec7cb52c02d55553499
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
