Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Update Release Notes about fixed CVEs

Browse Source
This commit is contained in:
Mounir IDRASSI
2025-01-14 15:52:03 +01:00
parent 1c38446d78
commit c79f8102e0
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
doc/html/Release Notes.html
View File

@@ -65,6 +65,8 @@
</li>
<li><strong>Linux:</strong>
<ul>
<li>CVE-2024-54187: Added absolute paths when executing system binaries to prevent path hijacking (collaboration with SivertPL @__tfr)</li>
<li>CVE-2025-23021: Prevent mounting volumes on system directories and PATH (reported by SivertPL @__tfr)</li>
<li>Fixed an assertion issue with the wxWidgets library included in Ubuntu.</li>
<li>Improved directory-opening logic by prioritizing xdg-open and adding fallback mechanisms.</li>
<li>Ensure that volume exists before starting the mount operation.</li>
@@ -74,6 +76,8 @@
</li>
<li><strong>macOS:</strong>
<ul>
<li>CVE-2024-54187: Added absolute paths when executing system binaries to prevent path hijacking (collaboration with SivertPL @__tfr)</li>
<li>CVE-2025-23021: Prevent mounting volumes on system directories and PATH (reported by SivertPL @__tfr)</li>
<li>Disabled screen capture by default. Added the --allow-screencapture CLI switch to enable it if needed.</li>
<li>Ensure that volume exists before starting the mount operation.</li>
<li>Implement sudo session detection logic</li>