Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc30ba59 by Ola Lundqvist at 2024-03-07T23:54:31+01:00
Marked CVEs for nvidia-graphics-drivers-legacy-340xx as ignored for buster.

- - - - -
c7598151 by Ola Lundqvist at 2024-03-07T23:54:32+01:00
Analyzed freeipa further and concluded that it is safest to fix in buster.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2053,6 +2053,7 @@ CVE-2024-0074
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984)
+       [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia anymore)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985)
        [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free 
not supported)
        - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1064986)
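
Review bot: The new [buster] annotation covers only nvidia-graphics-drivers-legacy-340xx, while the 390xx entry right below it in this hunk still has just a [bullseye] <no-dsa> line and nothing for buster. If 390xx is also shipped in buster, it needs its own triage line here (either <ignored> with the same reasoning or a different state), otherwise the tracker will keep showing it as open for buster after this commit.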
@@ -2076,6 +2077,7 @@ CVE-2024-42265
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984)
+       [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia anymore)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985)
        [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free 
not supported)
        - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1064986)
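
Review bot: The reason on the added [buster] line, "no updates provided by Nvidia anymore", is stated without a pointer that would let someone audit it later. Since <ignored> is a stronger and more permanent state than the <no-dsa> used for the bullseye and bookworm lines in the same entry, consider adding a NOTE line under this CVE that references where the end of upstream updates for the 340xx series is documented, or recording that in bug #1064984.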
@@ -2095,6 +2097,7 @@ CVE-2024-0078
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1064984)
+       [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not 
supported, no updates provided by Nvidia anymore)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1064985)
        [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free 
not supported)
        - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1064986)
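
Review bot: This is the third entry to receive the identical hand-written [buster] line for 340xx, and all three reference bug #1064984. It is worth checking data/CVE/list for any further CVE entries that cite bug #1064984 and do not yet carry the [buster] <ignored> line, so that the whole batch ends up in the same state rather than only the three touched here.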
@@ -4627,6 +4630,10 @@ CVE-2024-1481 [specially crafted HTTP requests 
potentially lead to DoS or data e
        NOTE: ipa-4.10: 
https://pagure.io/freeipa/c/204011dc0514681511275a4b70a13bfa85c1a538
        NOTE: ipa-4.9: 
https://pagure.io/freeipa/c/b039f3087a13de3f34b230dbe29a7cfb1965700d
        NOTE: ipa-4.9: 
https://pagure.io/freeipa/c/96a478bbedd49c31e0f078f00f2d1cb55bb952fd
+       NOTE: For buster (and most likely later versions) the vulnerable 
rpcserver.py code
+       NOTE: is not part of the provided binary packages. The kinit.py file is 
however and
+       NOTE: it is not entirelly clear whether this may be used in a 
vulnerable way when
+       NOTE: the client is used for authentication purposes.
 CVE-2024-26270 (The Account Settings page in Liferay Portal 7.4.3.76 through 
7.4.3.99, ...)
        NOT-FOR-US: Liferay
 CVE-2024-26268 (User enumeration vulnerability in Liferay Portal 7.2.0 through 
7.4.3.2 ...)
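
Review bot: The four added NOTE lines for CVE-2024-1481 record the open question about kinit.py but not the decision, whereas the commit message concludes that it is safest to fix in buster. Add a closing NOTE stating that conclusion so the CVE entry and the new dla-needed.txt entry agree for anyone reading only this file. The parenthetical "(and most likely later versions)" about rpcserver.py is also unverified as written; either check it for bullseye and bookworm or limit the statement to buster. Minor: "entirelly" in the third NOTE should be "entirely".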


=====================================
data/dla-needed.txt
=====================================
@@ -107,6 +107,9 @@ fontforge (Adrian Bunk)
 freeimage
   NOTE: 20240121: Added by Front-Desk (apo)
 --
+freeipa
+  NOTE: 20240307: Added by Front-Desk (opal)
+--
 frr (Abhijith PA)
   NOTE: 20231119: Added by Front-Desk (apo)
   NOTE: 20240206: Continuing fixing the remaining issues (abhijith)
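
Review bot: The new freeipa entry carries only the "Added by Front-Desk (opal)" NOTE and gives whoever claims it no scope. Since the analysis in data/CVE/list for CVE-2024-1481 says rpcserver.py is not in the buster binary packages and that the kinit.py path is the uncertain part, add a second NOTE here naming the CVE and that finding, so the work starts from the client-side question instead of repeating the triage.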



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7a5e90b49c6c4a2acc4af8b4d02620ba98dcdf1...c7598151ce5abc8f421106343ee505caa98c0db8



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
