[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-0569 and CVE-2020-0570

Salvatore Bonaccorso carnil at debian.org
Thu Jan 30 19:56:43 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d5b0ea5 by Salvatore Bonaccorso at 2020-01-30T20:56:20+01:00
Update information on CVE-2020-0569 and CVE-2020-0570

For CVE-2020-0570 Lisandro asked back to upstream about confirmation on
the affected ranges. Upstream confirmed that the issue is not present
before 5.12:

> The patch just make sure that we don't do wrong call when the search prefixes
> contains '/'
> But before 5.12 (commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d), there were
> no search prefixes with '/' in them.
> So no need to apply the patch in earlier versions.

Remove as well the now uneeded TODO item from CVE-2020-0569, as the
issue does not apply to the old qt4-x11.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20928,12 +20928,12 @@ CVE-2020-0570
 	[stretch] - qtbase-opensource-src <not-affected> (Only affects 5.12.0 through 5.14.0)
 	NOTE: https://bugreports.qt.io/browse/QTBUG-81272
 	NOTE: Patch: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd
+	NOTE: https://lists.qt-project.org/pipermail/development/2020-January/038534.html
 CVE-2020-0569
 	RESERVED
 	- qtbase-opensource-src <unfixed>
 	NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
 	NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
-	TODO: check qt4-x11
 CVE-2020-0568
 	RESERVED
 CVE-2020-0567



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d5b0ea55c4f5f2d1498d76b835d2e4f4fab01bc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d5b0ea55c4f5f2d1498d76b835d2e4f4fab01bc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200130/914e3fee/attachment.html>

More information about the debian-security-tracker-commits mailing list