[Git][security-tracker-team/security-tracker][master] 2 commits: Marked qtbase-opensource-src CVEs as no-dsa following decision for bullseye or bookworm.
Ola Lundqvist (@opal)
opal at debian.org
Sun Jun 18 09:26:40 BST 2023
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1497f27f by Ola Lundqvist at 2023-06-18T10:26:21+02:00
Marked qtbase-opensource-src CVEs as no-dsa following decision for bullseye or bookworm.
CVE-2023-34410 CVE-2023-33285 and CVE-2023-32763
- - - - -
dbb2afa8 by Ola Lundqvist at 2023-06-18T10:26:22+02:00
Marked qtbase-opensource-src CVE-2023-32762 as postponed for buster.
It is a little problematic but is not important enough to be fixed on its own.
It is not an issue with the most common string casing and also it is only a problem together with http links.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1469,6 +1469,7 @@ CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9,
- qt6-base 6.4.2+dfsg-11 (bug #1037209)
[bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210)
+ [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
- qtbase-opensource-src-gles <unfixed>
[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
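Review bot: The added [buster] line for qtbase-opensource-src carries only "(Minor issue)", and within this hunk the package has no [bookworm] or [bullseye] line of its own showing the decision the commit message says it follows. The neighbouring no-dsa entries belong to qt6-base and qtbase-opensource-src-gles. Consider a more specific reason in the parentheses, or a NOTE under CVE-2023-34410 naming the earlier triage this mirrors, so the buster decision can be audited from data/CVE/list alone.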
@@ -2787,6 +2788,7 @@ CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2
- qt6-base 6.4.2+dfsg-10 (bug #1036848)
[bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src 5.15.8+dfsg-11
+ [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
- qtbase-opensource-src-gles <unfixed>
[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
@@ -2948,6 +2950,7 @@ CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Co
CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...)
- qt6-base 6.4.2+dfsg-8
- qtbase-opensource-src 5.15.8+dfsg-10
+ [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
- qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702)
[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
- qt4-x11 <removed>
@@ -2959,6 +2962,7 @@ CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9,
CVE-2023-32762 (An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6. ...)
- qt6-base 6.4.2+dfsg-9
- qtbase-opensource-src 5.15.8+dfsg-10
+ [buster] - qtbase-opensource-src <postponed> (Can wait for next upload)
- qtbase-opensource-src-gles <not-affected> (Not built in GLES variant)
NOTE: https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
CVE-2023-34408 (DokuWiki before 2023-04-04a allows XSS via RSS titles.)
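Review bot: On the added [buster] <postponed> line, the reason "(Can wait for next upload)" drops the reasoning that exists only in the commit message: not an issue with the most common string casing, and only a problem together with http links. Suggest recording that in a NOTE line under CVE-2023-32762, next to the existing upstream commit NOTE, so whoever prepares the next buster upload of qtbase-opensource-src can see why the fix was deferred and what to re-check.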
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5627e3f626e0fa4af12d3dbd617cff2395b3386c...dbb2afa8aa38900e49363bcfd7f68e10386e11af