[Git][security-tracker-team/security-tracker][master] Split CVE-2024-54146 and incomplete fix part into a temporary entry (until CVE assigned)

Salvatore Bonaccorso (@carnil) Mon, 10 Feb 2025 13:06:25 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7c067d31 by Salvatore Bonaccorso at 2025-02-10T22:05:21+01:00
Split CVE-2024-54146 and incomplete fix part into a temporary entry (until CVE 
assigned)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3169,16 +3169,20 @@ CVE-2024-55228 (A cross-site scripting (XSS) 
vulnerability in the Product module
        - dolibarr <removed>
 CVE-2024-55227 (A cross-site scripting (XSS) vulnerability in the 
Events/Agenda module ...)
        - dolibarr <removed>
-CVE-2024-54146 (Cacti is an open source performance and fault management 
framework. Ca ...)
+CVE-2024-XXXX [Incomplete fix for CVE-2024-54146]
        - cacti <unfixed>
        [bookworm] - cacti <not-affected> (Vulnerable code introduced later)
        [bullseye] - cacti <not-affected> (Vulnerable code introduced later)
-       NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj
-       NOTE: Introduced by: 
https://github.com/Cacti/cacti/commit/645775c1f323fc523bc18954f18a3c144a42956a 
(release/1.2.27)
-       NOTE: Not actually fixed in 1.2.29 for GHSA-vj9g-p7f2-4wqj with 
original fix:
-       NOTE: 
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
        NOTE: Proposed fix: https://github.com/Cacti/cacti/pull/6096
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51
+CVE-2024-54146 (Cacti is an open source performance and fault management 
framework. Ca ...)
+       - cacti 1.2.28+ds1-4 (bug #1094574)
+       [bookworm] - cacti <not-affected> (Vulnerable code introduced later)
+       [bullseye] - cacti <not-affected> (Vulnerable code introduced later)
+       NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj
+       NOTE: Introduced by: 
https://github.com/Cacti/cacti/commit/645775c1f323fc523bc18954f18a3c144a42956a 
(release/1.2.27)
+       NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
+       NOTE: Fix is incomplete. Cf. https://github.com/Cacti/cacti/pull/6096
 CVE-2024-54145 (Cacti is an open source performance and fault management 
framework. Ca ...)
        {DSA-5862-1}
        - cacti 1.2.28+ds1-4 (bug #1094574)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c067d31597477b215cde00892c826a2ce97aab8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c067d31597477b215cde00892c826a2ce97aab8
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Split CVE-2024-54146 and incomplete fix part into a temporary entry (until CVE assigned)

Reply via email to