StarlingX

[Debian] Medium CVE: CVE-2024-6655 gtk+3.0: a library to be injected

Bug #2078666 reported by Yue Tao on 2024-09-02

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	In Progress	Undecided	Peng Zhang

Bug Description

CVE-2024-6655: https://nvd.nist.gov/vuln/detail/CVE-2024-6655

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.

Base Score: Medium

Reference:

['libgtk-3-dev_3.24.24-4+deb11u2_amd64.deb===>libgtk-3-dev_3.24.24-4+deb11u4_amd64.deb']

Tags:

Peng Zhang (pzhang2) on 2024-09-03

Changed in starlingx:
assignee:	nobody → Peng Zhang (pzhang2)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote 14 hours ago: Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/928105

Changed in starlingx:
status:	New → In Progress

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.