CVE-2024-2961

[Manish-Ghumnani]

• [x] I have read the SECURITY.md
• [x] I understand that this repo tracks debian package releases and cannot fix debian CVEs on its own
• [x] this CVE shows a fix is available in the appropriate debian version (buster, bullseye) and channel (main, security) and it has been more than 48 hours.

Please describe the image you encountered this with and a link to the debian security tracker https://security-tracker.debian.org/tracker/CVE-2024-2961

[solotoo]

Hi, is there any movement on this issue, no new image available and trivy reporting

┌─────────┬───────────────┬──────────┬───────────────────┬─────────────────┬────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │  Fixed Version  │                         Title                          │
├─────────┼───────────────┼──────────┼───────────────────┼─────────────────┼────────────────────────────────────────────────────────┤
│ libc6   │ CVE-2024-2961 │ HIGH     │ 2.31-13+deb11u8   │ 2.31-13+deb11u9 │ glibc: Out of bounds write in iconv may lead to remote │
│         │               │          │                   │                 │ code...                                                │
│         │               │          │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-2961              │
└─────────┴───────────────┴──────────┴───────────────────┴─────────────────┴────────────────────────────────────────────────────────┘

[loosebazooka]

This should've been picked up automatically. Lemme take a look

[loosebazooka]

this isn't exactly closed yet, but new images should be up in the next few hours