Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8f36ef90 by Salvatore Bonaccorso at 2026-06-05T19:20:58+02:00
Decouple some CVEs in DSA 6322-1/frr
Those were already fixed in trixie, so we should not list them in the
DSA covering both versions, otherwise we make the statement that they are
fixed as well in trixie only in the specified release and the previous
one was vulnerable, which is not correct in those cases. Decouple those
and just list in the DSA those covering both releases.
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -275751,8 +275751,8 @@ CVE-2024-3411 (Implementations of IPMI Authenticated
sessions does not provide e
CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to
unautho ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the
get_edge() func ...)
- {DSA-6322-1}
- frr 10.0.1-0.1 (bug #1070377)
+ [bookworm] - frr 8.4.4-1.1~deb12u2
[bullseye] - frr <not-affected> (Vulnerable code introduced later)
[buster] - frr <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/FRRouting/frr/pull/15674
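Review bot: With {DSA-6322-1} removed from CVE-2024-34088, the entry no longer says which advisory delivered the bookworm fix; the only remaining link is the matching version string 8.4.4-1.1~deb12u2 in data/DSA/list. If that traceability matters to readers of the CVE entry, a NOTE line naming the DSA for bookworm would keep it without implying that trixie was vulnerable. The same applies to the other decoupled entries in this file.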
@@ -282758,8 +282758,8 @@ CVE-2024-3431 (A vulnerability was found in EyouCMS
1.6.5. It has been declared
CVE-2024-3430 (A vulnerability was found in QKSMS up to 3.9.4 on Android. It
has been ...)
NOT-FOR-US: QKSMS
CVE-2024-31951 (In the Opaque LSA Extended Link parser in FRRouting (FRR)
through 9.1, ...)
- {DSA-6322-1}
- frr 10.0.1-0.1 (bug #1070377)
+ [bookworm] - frr 8.4.4-1.1~deb12u2
[bullseye] - frr <not-affected> (Vulnerable code not present)
[buster] - frr <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FRRouting/frr/pull/15674/
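Review bot: The {DSA-6322-1} removal on CVE-2024-31951 does not match data/DSA/list, where the new CVE set for DSA-6322-1 still begins with CVE-2024-31951. Either keep the cross-reference here, in which case the DSA entry already carries "[bookworm] - frr 8.4.4-1.1~deb12u2" and the added explicit line is not needed, or remove CVE-2024-31951 from the DSA entry as well, depending on whether trixie was already fixed for this CVE.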
@@ -282769,8 +282769,8 @@ CVE-2024-31951 (In the Opaque LSA Extended Link
parser in FRRouting (FRR) throug
NOTE:
https://github.com/FRRouting/frr/commit/e08495a4a8ad4d2050691d9e5e13662d2635b2e0
NOTE: vulnerable feature introduced in
https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5
(first shipped with 8.0)
CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow
and dae ...)
- {DSA-6322-1}
- frr 10.0.1-0.1 (bug #1070377)
+ [bookworm] - frr 8.4.4-1.1~deb12u2
[bullseye] - frr <not-affected> (Vulnerable code not present)
[buster] - frr <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FRRouting/frr/pull/15674/
@@ -294585,8 +294585,8 @@ CVE-2023-51786 (An issue was discovered in Lustre
versions 2.13.x, 2.14.x, and 2
- lustre <removed>
NOTE:
http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html
CVE-2024-27913 (ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through
9.1 all ...)
- {DSA-6322-1}
- frr 9.1-0.1 (bug #1065144)
+ [bookworm] - frr 8.4.4-1.1~deb12u2
[bullseye] - frr <not-affected> (Vulnerable code not present)
[buster] - frr <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FRRouting/frr/pull/15431
@@ -333634,8 +333634,8 @@ CVE-2023-3750 (A flaw was found in libvirt. The
virStoragePoolObjListSearch func
NOTE: Introduced with:
https://gitlab.com/libvirt/libvirt/-/commit/0c4b391e2a90c3e0f8a8721cb539e03f14eb1d5e
(v8.3.0-rc1)
NOTE: Fixed by:
https://gitlab.com/libvirt/libvirt/-/commit/9a47442366fcf8a7b6d7422016d7bbb6764a1098
(v9.6.0-rc1)
CVE-2023-3748 (A flaw was found in FRRouting when parsing certain babeld
unicast hell ...)
- {DSA-6322-1}
- frr 9.1-0.1 (bug #1042473)
+ [bookworm] - frr 8.4.4-1.1~deb12u2
[bullseye] - frr <not-affected> (The vulnerable code was introduced
later)
[buster] - frr <not-affected> (The vulnerable code was introduced later)
NOTE: https://github.com/FRRouting/frr/issues/11808
=====================================
data/DSA/list
=====================================
@@ -1,5 +1,5 @@
[05 Jun 2026] DSA-6322-1 frr - security update
- {CVE-2023-3748 CVE-2024-27913 CVE-2024-31950 CVE-2024-31951
CVE-2024-34088 CVE-2025-61099 CVE-2025-61100 CVE-2025-61101 CVE-2025-61102
CVE-2025-61103 CVE-2025-61104 CVE-2025-61105 CVE-2025-61106 CVE-2025-61107
CVE-2026-5107 CVE-2026-28532 CVE-2026-37457 CVE-2026-37458}
+ {CVE-2024-31951 CVE-2025-61099 CVE-2025-61100 CVE-2025-61101
CVE-2025-61102 CVE-2025-61103 CVE-2025-61104 CVE-2025-61105 CVE-2025-61106
CVE-2025-61107 CVE-2026-5107 CVE-2026-28532 CVE-2026-37457 CVE-2026-37458}
[bookworm] - frr 8.4.4-1.1~deb12u2
[trixie] - frr 10.3-3+deb13u1
[03 Jun 2026] DSA-6321-1 ceph - security update
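Review bot: The replacement CVE set drops four IDs (CVE-2023-3748, CVE-2024-27913, CVE-2024-31950, CVE-2024-34088), while data/CVE/list removes {DSA-6322-1} from five entries; CVE-2024-31951 is the one still listed here. The two files should agree, so confirm which side is intended for CVE-2024-31951 and adjust the other.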
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f36ef9018820b0f194ece27707ff7fac8abd393