[Git][security-tracker-team/security-tracker][master] lts: mark CVE-2021-28025/qt4-x11 as no-dsa on buster

Tue, 03 Oct 2023 00:06:31 -0700 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c002401 by Emilio Pozuelo Monfort at 2023-10-03T09:03:11+02:00
lts: mark CVE-2021-28025/qt4-x11 as no-dsa on buster

It's likely fixed, but there's no point in having it listed
in dla-needed indefinitely.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -179627,6 +179627,7 @@ CVE-2021-28025 (Integer Overflow vulnerability in 
qsvghandler.cpp in Qt qtsvg ve
        [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
        [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
        - qt4-x11 <removed>
+       [buster] - qt4-x11 <no-dsa> (Minor issue)
        NOTE: https://bugreports.qt.io/browse/QTBUG-91507
        NOTE: 
https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=7bbf88403fd2d1fe79fab7c8e469f8aeafeb7372
 (v5.15.4-lts-lgpl)
        NOTE: Potentially to be considered a duplicte of CVE-2021-3481, ongoing 
clarification


=====================================
data/dla-needed.txt
=====================================
@@ -154,10 +154,6 @@ qemu (Sean Whitton)
   NOTE: 20230924: Added by Front-Desk (apo)
   NOTE: 20230924: Consider fixing postponed issues as well. (apo)
 --
-qt4-x11
-  NOTE: 20230822: Re-added for one remaining open CVE (roberto)
-  NOTE: 20230822: CVE-2021-28025 maybe a dup of CVE-2021-3481; once resolved, 
fix or remove entry from this file (roberto)
---
 rails
   NOTE: 20220909: Re-added due to regression (abhijith)
   NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c0024016213ebcb9f4f72ef8118322e005e5b71

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c0024016213ebcb9f4f72ef8118322e005e5b71
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to