[Git][security-tracker-team/security-tracker][master] qt, gs fixed in sid
Moritz Muehlenhoff
jmm at debian.org
Thu Aug 20 22:23:48 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8563c4d by Moritz Muehlenhoff at 2020-08-20T23:22:40+02:00
qt, gs fixed in sid
new struts/chrony issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14115,7 +14115,7 @@ CVE-2020-17509
CVE-2020-17508
RESERVED
CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
- - qtbase-opensource-src <unfixed> (bug #968444)
+ - qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)
- qt4-x11 <removed>
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch)
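Review bot: the updated `qtbase-opensource-src` line for CVE-2020-17507 is followed directly by `- qt4-x11 <removed>`, with no `[buster]` or `[stretch]` line in between, so the stable suites remain implicitly vulnerable relative to 5.14.2+dfsg-6. The description covers "Qt through 5.12.9", so older branches are in scope; add per-suite triage lines for qtbase-opensource-src once the stable versions have been assessed, as was done for CVE-2020-13962.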
@@ -17503,7 +17503,7 @@ CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link
CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated ...)
NOT-FOR-US: Nagios XI
CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...)
- - ghostscript <unfixed>
+ - ghostscript 9.52.1~dfsg-1
[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
[stretch] - ghostscript <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702582
@@ -21385,6 +21385,7 @@ CVE-2020-14368
RESERVED
CVE-2020-14367
RESERVED
+ - chrony 3.5.1-1
CVE-2020-14366
RESERVED
CVE-2020-14365
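Review bot: the new `- chrony 3.5.1-1` line under CVE-2020-14367 has no NOTE, and the CVE is still RESERVED with no description, so the entry does not say what the issue is or how 3.5.1-1 was identified as the fixed version. Add a NOTE pointing to the upstream advisory or fixing commit, plus a bug reference if one was filed, so the version can be verified later and the stable suites can be triaged.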
@@ -22486,7 +22487,7 @@ CVE-2020-13966
CVE-2020-13963
RESERVED
CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...)
- - qtbase-opensource-src <unfixed>
+ - qtbase-opensource-src 5.14.2+dfsg-6
[buster] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
[stretch] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
[jessie] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
@@ -116461,6 +116462,7 @@ CVE-2019-0234 (A Reflected Cross-site Scripting (XSS) vulnerability exists in Ap
NOT-FOR-US: Apache Roller
CVE-2019-0233
RESERVED
+ - libstruts1.2-java <removed>
CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the CGI S ...)
- tomcat9 <not-affected> (Windows-specific)
- tomcat8 <not-affected> (Windows-specific)
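Review bot: the `- libstruts1.2-java <removed>` line added under CVE-2019-0233 has no accompanying NOTE, and the CVE is RESERVED with no description, so a reader cannot tell which upstream issue this is or why it maps to this source package. Add a NOTE with the upstream advisory reference.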
@@ -116469,6 +116471,7 @@ CVE-2019-0231 (Handling of the close_notify SSL/TLS message does not lead to a c
NOT-FOR-US: Apache MINA
CVE-2019-0230
RESERVED
+ - libstruts1.2-java <removed>
CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...)
- airflow <itp> (bug #819700)
CVE-2019-0228 (Apache PDFBox 2.0.14 does not properly initialize the XML parser, whic ...)
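Review bot: the `- libstruts1.2-java <removed>` line under CVE-2019-0230 only records the state of unstable and is not followed by any suite line. If a supported suite still ships libstruts1.2-java, it will be treated as affected until a `[suite]` line is added, so add explicit triage for those suites or confirm that none carries the package.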
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8563c4d4653339e455ebb0c5296a246e22cd3ab