[Git][security-tracker-team/security-tracker][master] CVE-2018-21035/qtwebsockets-opensource-src no-dsa on jessie

Emilio Pozuelo Monfort pochu at debian.org
Wed Mar 4 09:22:43 GMT 2020



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6bf45ebe by Emilio Pozuelo Monfort at 2020-03-04T10:19:37+01:00
CVE-2018-21035/qtwebsockets-opensource-src no-dsa on jessie

The upstream fix just adds new API to allow lowering the message
size, but it would need all users to change it, and there are no
rdeps on jessie anyway.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1194,6 +1194,7 @@ CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to
 	- qtwebsockets-opensource-src <unfixed> (bug #953049)
 	[buster] - qtwebsockets-opensource-src <no-dsa> (Minor issue)
 	[stretch] - qtwebsockets-opensource-src <no-dsa> (Minor issue)
+	[jessie] - qtwebsockets-opensource-src <no-dsa> (Minor issue)
 	NOTE: https://bugreports.qt.io/browse/QTBUG-70693
 	NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
 CVE-2020-9445



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bf45ebe0c5d8b15ce72331623afdea1283d51ee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bf45ebe0c5d8b15ce72331623afdea1283d51ee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200304/4a78cbc2/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list