Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits: 901d5acb by Neil Williams at 2021-08-17T14:42:44+01:00 Mark two CVEs in qt4-x11 as not affected Same applies to qtbase-opensource-src - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -65667,17 +65667,27 @@ CVE-2020-24743 RESERVED CVE-2020-24742 (An issue has been fixed in Qt versions 5.14.0 where QPluginLoader atte ...) - qtbase-opensource-src 5.14.2+dfsg-3 + [buster] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later) + [stretch] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later) - qtbase-opensource-src-gles 5.14.2+dfsg-3 - qt4-x11 <removed> + [buster] - qt4-x11 <not-affected> (Vulnerable code introduced later) + [stretch] - qt4-x11 <not-affected> (Vulnerable code introduced later) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/280730 CVE-2020-24741 (An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrar ...) - qtbase-opensource-src 5.14.2+dfsg-3 + [buster] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later) + [stretch] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later) - qtbase-opensource-src-gles 5.14.2+dfsg-3 - qt4-x11 <removed> + [buster] - qt4-x11 <not-affected> (Vulnerable code introduced later) + [stretch] - qt4-x11 <not-affected> (Vulnerable code introduced later) NOTE: https://bugreports.qt.io/browse/QTBUG-81272 NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/286795 (5.14.1) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/287102 (5.12.7) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/299105 (dev) + NOTE: Vulnerable code introduced at https://codereview.qt-project.org/c/qt/qtbase/+/286795 + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/286795/2/src/corelib/plugin/qlibrary_unix.cpp CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerab ...) NOT-FOR-US: Pluck CMS CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...) ===================================== data/dla-needed.txt ===================================== @@ -55,8 +55,6 @@ python-babel NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith) NOTE: 20210620: Revisit when it has an assigned CVE ID (abhijith) -- -qt4-x11 (codehelp) --- ruby-kaminari NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to NOTE: 20200819: the one upstream or in its many forks. For example, both dthe View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/901d5acb9d966dbdeab59a8d21a604137384bb46 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/901d5acb9d966dbdeab59a8d21a604137384bb46 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits