Does version 3.11.1 address CVE-2024-45411? #4387

0hmac · 2024-10-09T09:42:21Z

0hmac
Oct 9, 2024

(Sorry if it is difficult to read due to machine translation)
Version 3.11.1 is not listed among the patched versions on the Security page or in the CVE.

GHSA-6j75-5wfj-gh66

https://www.cve.org/CVERecord?id=CVE-2024-45411

However, according to the following GitHub history, version 3.11.1 appears to be included as a patched version.

GHSA-6j75-5wfj-gh66

41103dc

Does version 3.11.1 address CVE-2024-45411?
Thanks in advance for any guidance.

Answered by stof

Oct 9, 2024

yes it does.
the patch has been backported to 3.11 later one. The "affected versions" part of the advisory has been updated to account for the backport, but the "patched versions" has been forgotten.

View full answer

stof · 2024-10-09T17:03:08Z

stof
Oct 9, 2024
Collaborator

yes it does.
the patch has been backported to 3.11 later one. The "affected versions" part of the advisory has been updated to account for the backport, but the "patched versions" has been forgotten.

1 reply

0hmac Oct 9, 2024
Author

Hello stof.
Indeed, the “affected versions” showed that 3.11.1 is not affected by the vulnerability.
Thank you very much for your answer!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Does version 3.11.1 address CVE-2024-45411? #4387

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Does version 3.11.1 address CVE-2024-45411? #4387

0hmac Oct 9, 2024

Replies: 1 comment · 1 reply

stof Oct 9, 2024 Collaborator

0hmac Oct 9, 2024 Author

0hmac
Oct 9, 2024

Replies: 1 comment 1 reply

stof
Oct 9, 2024
Collaborator

0hmac Oct 9, 2024
Author