[Git][security-tracker-team/security-tracker][master] 5 commits: Add Debian bug reference for CVE-2021-42521/vtk9
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 24 16:46:25 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0dbe34b by Salvatore Bonaccorso at 2023-02-24T17:41:44+01:00
Add Debian bug reference for CVE-2021-42521/vtk9
- - - - -
91057cc6 by Salvatore Bonaccorso at 2023-02-24T17:42:45+01:00
Add Debian bug reference for CVE-2023-23457/upx-ucl
- - - - -
cdc5e7e2 by Salvatore Bonaccorso at 2023-02-24T17:43:36+01:00
Add Debian bug reference for CVE-2023-0054/vim
- - - - -
74488f66 by Salvatore Bonaccorso at 2023-02-24T17:44:53+01:00
Add Debian bug references for CVE-2023-24607/qt
- - - - -
93fb9f6e by Salvatore Bonaccorso at 2023-02-24T17:45:43+01:00
Add Debian bug references for CVE-2023-24809/nethack
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4803,7 +4803,7 @@ CVE-2023-24811 (Misskey is an open source, decentralized social media platform.
CVE-2023-24810 (Misskey is an open source, decentralized social media platform. Due to ...)
NOT-FOR-US: Misskey
CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting with ver ...)
- - nethack <unfixed>
+ - nethack <unfixed> (bug #1031869)
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch
NOTE: https://nethack.org/security/CVE-2023-24809.html
CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
@@ -5311,11 +5311,11 @@ CVE-2022-48286 (The multi-screen collaboration module has a privilege escalation
NOT-FOR-US: Huawei
CVE-2023-24607 [When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically crafted string]
RESERVED
- - qtbase-opensource-src <unfixed>
+ - qtbase-opensource-src <unfixed> (bug #1031872)
[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
- - qt6-base <unfixed>
- - qtbase-opensource-src-gles <unfixed>
+ - qt6-base <unfixed> (bug #1031871)
+ - qtbase-opensource-src-gles <unfixed> (bug #1031873)
[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
NOTE: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
NOTE: https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d (6.4)
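Review bot: the three bug numbers added for CVE-2023-24607 do not follow the order of the package lines (qtbase-opensource-src gets #1031872, qt6-base #1031871, qtbase-opensource-src-gles #1031873), so please confirm that each number points at the bug filed against that source package. A swapped number would still parse cleanly and would go unnoticed in data/CVE/list.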
@@ -8746,7 +8746,7 @@ CVE-2023-23459 (Priority Windows may allow Command Execution via SQL Injection u
CVE-2023-23458 (Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information ...)
NOT-FOR-US: Sunell DVR
CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dyn ...)
- - upx-ucl <unfixed> (unimportant)
+ - upx-ucl <unfixed> (unimportant; bug #1031874)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160382
NOTE: https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860
NOTE: https://github.com/upx/upx/issues/631
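Review bot: the upx-ucl line for CVE-2023-23457 is tagged `unimportant`, but the NOTE lines visible below it are all links and none states why the issue is rated that way. If no rationale follows further down in the entry, add a short NOTE giving the reason, so the severity tag and the newly referenced bug #1031874 do not read as contradictory.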
@@ -11399,7 +11399,7 @@ CVE-2023-22604
CVE-2023-22603
REJECTED
CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1031875)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
@@ -106605,7 +106605,7 @@ CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugin
NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12
NOTE: Memory leak in GUI application, no security impact
CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and it lies ...)
- - vtk9 <unfixed>
+ - vtk9 <unfixed> (bug #1031877)
[bullseye] - vtk9 <no-dsa> (Minor issue)
- vtk7 <unfixed>
[bullseye] - vtk7 <no-dsa> (Minor issue)
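Review bot: the `- vtk7 <unfixed>` line in the same CVE-2021-42521 entry still has no bug reference, while only the vtk9 line gains `(bug #1031877)`. If vtk7 is affected in the same way, file or link a bug for it as well; if it is deliberately left without one, a NOTE saying so would save the next reader the question.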
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9b068ca8eaf9b4a7213248d3fb9a1706ae1f2c57...93fb9f6e249ff17cd99827783aa5fa6fba13c13f