[Git][security-tracker-team/security-tracker][master] bugnums

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8300f1e5 by Moritz Muehlenhoff at 2024-02-16T16:10:06+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,9 +8,9 @@ CVE-2023-52161
 CVE-2024-0793
 	NOT-FOR-US: kube-controller-manager
 CVE-2024-25580 [QT KTX buffer overflow]
-	- qt6-base <unfixed>
-	- qtbase-opensource-src <unfixed>
-	- qtbase-opensource-src-gles <unfixed>
+	- qt6-base <unfixed> (bug #1064052)
+	- qtbase-opensource-src <unfixed> (bug #1064053)
+	- qtbase-opensource-src-gles <unfixed> (bug #1064054)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264423
 	NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=28ecb523ce8490bff38b251b3df703c72e057519
 	NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff
@@ -85,7 +85,7 @@ CVE-2024-21891
 	- nodejs <not-affected> (Only affects 20.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium
 CVE-2023-46809
-	- nodejs <unfixed>
+	- nodejs <unfixed> (bug #1064055)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
 CVE-2024-22017
 	[experimental] - nodejs <unfixed>
@@ -96,10 +96,10 @@ CVE-2024-21896
 	- nodejs <not-affected> (Only affects 20.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#path-traversal-by-monkey-patching-buffer-internals-cve-2024-21896---high
 CVE-2024-22019
-	- nodejs <unfixed>
+	- nodejs <unfixed> (bug #1064055)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high
 CVE-2024-21892
-	- nodejs <unfixed>
+	- nodejs <unfixed> (bug #1064055)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high
 CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote ...)
 	NOT-FOR-US: flusity CMS
@@ -969,7 +969,7 @@ CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, wri
 	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/355afea485550e8214ac6b449fb210a7efb71365 (v0.28.2)
 	TODO: unclear range of affected versions: while the report claims it is new in v0.28.0 the QuickTimeVideo::multipleEntriesDecoder is present earlier
 CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During a call t ...)
-	- azure-uamqp-python <unfixed>
+	- azure-uamqp-python <unfixed> (bug #1064051)
 	NOTE: https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695
 	NOTE: https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v
 CVE-2024-25108 (Pixelfed is an open source photo sharing platform. When processing req ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8300f1e57a8ef713b12f8053c6c964c26e15cdae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8300f1e57a8ef713b12f8053c6c964c26e15cdae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240216/59da458e/attachment.htm>