bullseye triage

Moritz Muehlenhoff (@jmm) Tue, 20 Feb 2024 02:40:10 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4f594031 by Moritz Muehlenhoff at 2024-02-20T10:51:04+01:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -297,6 +297,8 @@ CVE-2023-50951 (IBM QRadar Suite 1.10.12.0 through 
1.10.17.0 and IBM Cloud Pak f
        NOT-FOR-US: IBM
 CVE-2023-45918 (ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr 
in tinf ...)
        - ncurses 6.4+20230625-1
+       [bookworm] - ncurses <no-dsa> (Minor issue)
+       [bullseye] - ncurses <no-dsa> (Minor issue)
        NOTE: 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html
        NOTE: https://invisible-island.net/ncurses/NEWS.html#index-t20230615
        NOTE: Fixed in ncurses-6.4-20230615 patchlevel
@@ -363,9 +365,14 @@ CVE-2024-0793
 CVE-2024-25580 [QT KTX buffer overflow]
        [experimental] - qt6-base 6.6.2+dfsg-1
        - qt6-base <unfixed> (bug #1064052)
+       [bookworm] - qt6-base <no-dsa> (Minor issue)
        - qtbase-opensource-src 5.15.10+dfsg-7 (bug #1064053)
+       [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
+       [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
        [buster] - qtbase-opensource-src <not-affected> (Vulnerable code not 
present)
        - qtbase-opensource-src-gles <unfixed> (bug #1064054)
+       [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
+       [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264423
        NOTE: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=28ecb523ce8490bff38b251b3df703c72e057519
        NOTE: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=dec1863c7dc63e5788b0c6c061d36e856a6ae2b2
 (v6.6.2)
@@ -1530,6 +1537,8 @@ CVE-2024-1454 (The use-after-free vulnerability was found 
in the AuthentIC drive
        NOTE: Fixed by: 
https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9
 CVE-2023-6681 (A vulnerability was found in JWCrypto. This flaw allows an 
attacker to ...)
        - python-jwcrypto <unfixed>
+       [bookworm] - python-jwcrypto <no-dsa> (Minor issue)
+       [bullseye] - python-jwcrypto <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2260843
 CVE-2023-6110 [deleting a non existing access rule deletes another existing 
access rule in it's scope]
        - python-openstackclient <unfixed>


=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ composer (seb)
 --
 cryptojs
 --
+dav1d
+--
 dnsdist (jmm)
 --
 frr



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f594031caf98a253689a0d3ce5228221070eef2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f594031caf98a253689a0d3ce5228221070eef2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Reply via email to