[Git][security-tracker-team/security-tracker][master] Integrate updates for CVE-2024-25580
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 16 20:33:17 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
664b6d92 by Salvatore Bonaccorso at 2024-02-16T21:32:04+01:00
Integrate updates for CVE-2024-25580
As suggested by James Addison add a reference to the blog entry for
CVE-2024-25580 and while at it update the status for buster as reported.
Link: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/165
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,11 +57,13 @@ CVE-2024-25580 [QT KTX buffer overflow]
[experimental] - qt6-base 6.6.2+dfsg-1
- qt6-base <unfixed> (bug #1064052)
- qtbase-opensource-src <unfixed> (bug #1064053)
+ [buster] - qtbase-opensource-src <not-affected> (Vulnerable code not present)
- qtbase-opensource-src-gles <unfixed> (bug #1064054)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264423
NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=28ecb523ce8490bff38b251b3df703c72e057519
NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=dec1863c7dc63e5788b0c6c061d36e856a6ae2b2 (v6.6.2)
NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff
+ NOTE: https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images
CVE-2024-25415 (A remote code execution (RCE) vulnerability in /admin/define_language. ...)
NOT-FOR-US: CE Phoenix
CVE-2024-25414 (An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/664b6d921e27672e22e31919086449214e91b151
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/664b6d921e27672e22e31919086449214e91b151
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240216/73d00a93/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list