[Git][security-tracker-team/security-tracker][master] lts: mark CVE-2021-28025/qt4-x11 as no-dsa on buster

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Tue Oct 3 08:06:23 BST 2023 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c002401 by Emilio Pozuelo Monfort at 2023-10-03T09:03:11+02:00
lts: mark CVE-2021-28025/qt4-x11 as no-dsa on buster

It's likely fixed, but there's no point in having it listed
in dla-needed indefinitely.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -179627,6 +179627,7 @@ CVE-2021-28025 (Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg ve
 	[bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
 	[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
 	- qt4-x11 <removed>
+	[buster] - qt4-x11 <no-dsa> (Minor issue)
 	NOTE: https://bugreports.qt.io/browse/QTBUG-91507
 	NOTE: https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=7bbf88403fd2d1fe79fab7c8e469f8aeafeb7372 (v5.15.4-lts-lgpl)
 	NOTE: Potentially to be considered a duplicte of CVE-2021-3481, ongoing clarification


=====================================
data/dla-needed.txt
=====================================
@@ -154,10 +154,6 @@ qemu (Sean Whitton)
   NOTE: 20230924: Added by Front-Desk (apo)
   NOTE: 20230924: Consider fixing postponed issues as well. (apo)
 --
-qt4-x11
-  NOTE: 20230822: Re-added for one remaining open CVE (roberto)
-  NOTE: 20230822: CVE-2021-28025 maybe a dup of CVE-2021-3481; once resolved, fix or remove entry from this file (roberto)
---
 rails
   NOTE: 20220909: Re-added due to regression (abhijith)
   NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c0024016213ebcb9f4f72ef8118322e005e5b71

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c0024016213ebcb9f4f72ef8118322e005e5b71
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231003/d37a9ff6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list