[Git][security-tracker-team/security-tracker][master] new qtsvg issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45ecdfa6 by Moritz Muehlenhoff at 2023-08-18T12:28:40+02:00
new qtsvg issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -172997,8 +172997,13 @@ CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust.
 	NOT-FOR-US: Rust crate bam
 CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...)
 	- jpeg-xl <not-affected> (Fixed before initial release)
-CVE-2021-28025 (Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions ...)
-	TODO: check
+CVE-2021-28025
+	- qt6-svg <not-affected> (Fixed before initial upload to the archive)
+	- qtsvg-opensource-src 5.15.4-2
+	[bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
+	- qt4-x11 <removed>
+	NOTE: https://bugreports.qt.io/browse/QTBUG-91507
+	NOTE: https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=7bbf88403fd2d1fe79fab7c8e469f8aeafeb7372 (v5.15.4-lts-lgpl)
 CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic Helpdesk  ...)
 	NOT-FOR-US: ServiceTonic
 CVE-2021-28023 (Arbitrary file upload in Service import feature in ServiceTonic Helpde ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45ecdfa68a8d7e99287fd2ea207c2fd1a382d854

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45ecdfa68a8d7e99287fd2ea207c2fd1a382d854
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230818/d64914dc/attachment.htm>