Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
901d5acb by Neil Williams at 2021-08-17T14:42:44+01:00
Mark two CVEs in qt4-x11 as not affected
Same applies to qtbase-opensource-src
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -65667,17 +65667,27 @@ CVE-2020-24743
RESERVED
CVE-2020-24742 (An issue has been fixed in Qt versions 5.14.0 where
QPluginLoader atte ...)
- qtbase-opensource-src 5.14.2+dfsg-3
+ [buster] - qtbase-opensource-src <not-affected> (Vulnerable code
introduced later)
+ [stretch] - qtbase-opensource-src <not-affected> (Vulnerable code
introduced later)
- qtbase-opensource-src-gles 5.14.2+dfsg-3
- qt4-x11 <removed>
+ [buster] - qt4-x11 <not-affected> (Vulnerable code introduced later)
+ [stretch] - qt4-x11 <not-affected> (Vulnerable code introduced later)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/280730
CVE-2020-24741 (An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where
QLibrar ...)
- qtbase-opensource-src 5.14.2+dfsg-3
+ [buster] - qtbase-opensource-src <not-affected> (Vulnerable code
introduced later)
+ [stretch] - qtbase-opensource-src <not-affected> (Vulnerable code
introduced later)
- qtbase-opensource-src-gles 5.14.2+dfsg-3
- qt4-x11 <removed>
+ [buster] - qt4-x11 <not-affected> (Vulnerable code introduced later)
+ [stretch] - qt4-x11 <not-affected> (Vulnerable code introduced later)
NOTE: https://bugreports.qt.io/browse/QTBUG-81272
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/286795 (5.14.1)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/287102 (5.12.7)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/299105 (dev)
+ NOTE: Vulnerable code introduced at
https://codereview.qt-project.org/c/qt/qtbase/+/286795
+ NOTE:
https://codereview.qt-project.org/c/qt/qtbase/+/286795/2/src/corelib/plugin/qlibrary_unix.cpp
CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF
vulnerab ...)
NOT-FOR-US: Pluck CMS
CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the
background deleti ...)
=====================================
data/dla-needed.txt
=====================================
@@ -55,8 +55,6 @@ python-babel
NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch
(abhijith)
NOTE: 20210620: Revisit when it has an assigned CVE ID (abhijith)
--
-qt4-x11 (codehelp)
---
ruby-kaminari
NOTE: 20200819: The source in Debian (at least in LTS) appears to have a
different lineage to
NOTE: 20200819: the one upstream or in its many forks. For example, both dthe
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/901d5acb9d966dbdeab59a8d21a604137384bb46
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/901d5acb9d966dbdeab59a8d21a604137384bb46
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
