[Git][security-tracker-team/security-tracker][master] 5 commits: Add Debian bug reference for CVE-2021-42521/vtk9

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 24 16:46:25 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0dbe34b by Salvatore Bonaccorso at 2023-02-24T17:41:44+01:00
Add Debian bug reference for CVE-2021-42521/vtk9

- - - - -
91057cc6 by Salvatore Bonaccorso at 2023-02-24T17:42:45+01:00
Add Debian bug reference for CVE-2023-23457/upx-ucl

- - - - -
cdc5e7e2 by Salvatore Bonaccorso at 2023-02-24T17:43:36+01:00
Add Debian bug reference for CVE-2023-0054/vim

- - - - -
74488f66 by Salvatore Bonaccorso at 2023-02-24T17:44:53+01:00
Add Debian bug references for CVE-2023-24607/qt

- - - - -
93fb9f6e by Salvatore Bonaccorso at 2023-02-24T17:45:43+01:00
Add Debian bug references for CVE-2023-24809/nethack

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4803,7 +4803,7 @@ CVE-2023-24811 (Misskey is an open source, decentralized social media platform.
 CVE-2023-24810 (Misskey is an open source, decentralized social media platform. Due to ...)
 	NOT-FOR-US: Misskey
 CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting with ver ...)
-	- nethack <unfixed>
+	- nethack <unfixed> (bug #1031869)
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch
 	NOTE: https://nethack.org/security/CVE-2023-24809.html
 CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
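Review bot: the nethack entry for CVE-2023-24809 has no per-release triage lines between `- nethack <unfixed> (bug #1031869)` and its NOTE lines, while the vim and vtk9 entries touched in this same push carry `[bullseye]` lines. Now that the bug is filed, consider recording the status for the released suites so the entry does not read as untriaged there.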
@@ -5311,11 +5311,11 @@ CVE-2022-48286 (The multi-screen collaboration module has a privilege escalation
 	NOT-FOR-US: Huawei
 CVE-2023-24607 [When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically crafted string]
 	RESERVED
-	- qtbase-opensource-src <unfixed>
+	- qtbase-opensource-src <unfixed> (bug #1031872)
 	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
 	[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
-	- qt6-base <unfixed>
-	- qtbase-opensource-src-gles <unfixed>
+	- qt6-base <unfixed> (bug #1031871)
+	- qtbase-opensource-src-gles <unfixed> (bug #1031873)
 	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	NOTE: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
 	NOTE: https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d (6.4)
@@ -8746,7 +8746,7 @@ CVE-2023-23459 (Priority Windows may allow Command Execution via SQL Injection u
 CVE-2023-23458 (Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information ...)
 	NOT-FOR-US: Sunell DVR
 CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dyn ...)
-	- upx-ucl <unfixed> (unimportant)
+	- upx-ucl <unfixed> (unimportant; bug #1031874)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160382
 	NOTE: https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860
 	NOTE: https://github.com/upx/upx/issues/631
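Review bot: on the upx-ucl line, `(unimportant; bug #1031874)` keeps the unimportant severity, but the three NOTE lines visible after it are only references and none states why the issue is rated that way. If no such NOTE follows further down in the entry, add a short rationale line, in the style of the anjuta entry's "Memory leak in GUI application, no security impact".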
@@ -11399,7 +11399,7 @@ CVE-2023-22604
 CVE-2023-22603
 	REJECTED
 CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. ...)
-	- vim <unfixed>
+	- vim <unfixed> (bug #1031875)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
@@ -106605,7 +106605,7 @@ CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugin
 	NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12
 	NOTE: Memory leak in GUI application, no security impact
 CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and it lies  ...)
-	- vtk9 <unfixed>
+	- vtk9 <unfixed> (bug #1031877)
 	[bullseye] - vtk9 <no-dsa> (Minor issue)
 	- vtk7 <unfixed>
 	[bullseye] - vtk7 <no-dsa> (Minor issue)
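Review bot: only the vtk9 line gains a bug reference; `- vtk7 <unfixed>` two lines below it stays without one, although it is marked unfixed for the same CVE-2021-42521. If vtk7 is still in unstable, file and reference a bug for it as well; if it is no longer there, the line should say so rather than remain `<unfixed>`.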



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9b068ca8eaf9b4a7213248d3fb9a1706ae1f2c57...93fb9f6e249ff17cd99827783aa5fa6fba13c13f
