[Git][security-tracker-team/security-tracker][master] Reserve DLA-3539-1 for qt4-x11
Roberto C. Sánchez (@roberto)
roberto at debian.org
Tue Aug 22 23:34:26 BST 2023
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb7935a5 by Roberto C. Sánchez at 2023-08-22T18:34:01-04:00
Reserve DLA-3539-1 for qt4-x11
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -121452,7 +121452,6 @@ CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an
[bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
- qt4-x11 <removed>
- [buster] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
@@ -168533,7 +168532,6 @@ CVE-2021-3481 (A flaw was found in Qt. An out-of-bounds read vulnerability was f
- qtsvg-opensource-src 5.15.2-3 (bug #986798)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
- qt4-x11 <removed>
- [buster] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1931444
NOTE: https://bugreports.qt.io/browse/QTBUG-91507
NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=bfd6ee0d8cf34b63d32adf10ed93daa0086b359f (qt/qtsvg/dev)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Aug 2023] DLA-3539-1 qt4-x11 - security update
+ {CVE-2021-3481 CVE-2021-45930 CVE-2023-32573 CVE-2023-32763 CVE-2023-34410 CVE-2023-37369 CVE-2023-38197}
+ [buster] - qt4-x11 4:4.8.7+dfsg-18+deb10u2
[22 Aug 2023] DLA-3538-1 zabbix - security update
{CVE-2013-7484 CVE-2019-17382 CVE-2022-35229 CVE-2022-43515 CVE-2023-29450 CVE-2023-29451 CVE-2023-29454 CVE-2023-29455 CVE-2023-29456 CVE-2023-29457}
[buster] - zabbix 1:4.0.4+dfsg-1+deb10u2
=====================================
data/dla-needed.txt
=====================================
@@ -157,11 +157,6 @@ python-os-brick
qpdf (Thorsten Alteholz)
NOTE: 20230820: Added by Front-Desk (ta)
--
-qt4-x11 (Roberto C. Sánchez)
- NOTE: 20230612: Added by Front-Desk (apo)
- NOTE: 20230615: VCS: https://salsa.debian.org/qt-kde-team/qt/qt4-x11
- NOTE: 20230822: New CVEs have been reported (roberto)
---
rails (utkarsh)
NOTE: 20220909: Re-added due to regression (abhijith)
NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb7935a5dfd17f87c28ebb94f1b84c6a3bf334b9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb7935a5dfd17f87c28ebb94f1b84c6a3bf334b9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230822/6b1d5569/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list