[Git][security-tracker-team/security-tracker][master] Mark two CVEs in qt4-x11 as not affected
Neil Williams (@codehelp)
codehelp at debian.org
Tue Aug 17 14:43:00 BST 2021
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
901d5acb by Neil Williams at 2021-08-17T14:42:44+01:00
Mark two CVEs in qt4-x11 as not affected
Same applies to qtbase-opensource-src
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -65667,17 +65667,27 @@ CVE-2020-24743
RESERVED
CVE-2020-24742 (An issue has been fixed in Qt versions 5.14.0 where QPluginLoader atte ...)
- qtbase-opensource-src 5.14.2+dfsg-3
+ [buster] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later)
+ [stretch] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later)
- qtbase-opensource-src-gles 5.14.2+dfsg-3
- qt4-x11 <removed>
+ [buster] - qt4-x11 <not-affected> (Vulnerable code introduced later)
+ [stretch] - qt4-x11 <not-affected> (Vulnerable code introduced later)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/280730
CVE-2020-24741 (An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrar ...)
- qtbase-opensource-src 5.14.2+dfsg-3
+ [buster] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later)
+ [stretch] - qtbase-opensource-src <not-affected> (Vulnerable code introduced later)
- qtbase-opensource-src-gles 5.14.2+dfsg-3
- qt4-x11 <removed>
+ [buster] - qt4-x11 <not-affected> (Vulnerable code introduced later)
+ [stretch] - qt4-x11 <not-affected> (Vulnerable code introduced later)
NOTE: https://bugreports.qt.io/browse/QTBUG-81272
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/286795 (5.14.1)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/287102 (5.12.7)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/299105 (dev)
+ NOTE: Vulnerable code introduced at https://codereview.qt-project.org/c/qt/qtbase/+/286795
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/286795/2/src/corelib/plugin/qlibrary_unix.cpp
CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerab ...)
NOT-FOR-US: Pluck CMS
CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...)
=====================================
data/dla-needed.txt
=====================================
@@ -55,8 +55,6 @@ python-babel
NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith)
NOTE: 20210620: Revisit when it has an assigned CVE ID (abhijith)
--
-qt4-x11 (codehelp)
---
ruby-kaminari
NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to
NOTE: 20200819: the one upstream or in its many forks. For example, both dthe
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/901d5acb9d966dbdeab59a8d21a604137384bb46
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/901d5acb9d966dbdeab59a8d21a604137384bb46
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210817/d4711f1e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list