[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f594031 by Moritz Muehlenhoff at 2024-02-20T10:51:04+01:00
bookworm/bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -297,6 +297,8 @@ CVE-2023-50951 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak f
 	NOT-FOR-US: IBM
 CVE-2023-45918 (ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinf ...)
 	- ncurses 6.4+20230625-1
+	[bookworm] - ncurses <no-dsa> (Minor issue)
+	[bullseye] - ncurses <no-dsa> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html
 	NOTE: https://invisible-island.net/ncurses/NEWS.html#index-t20230615
 	NOTE: Fixed in ncurses-6.4-20230615 patchlevel
@@ -363,9 +365,14 @@ CVE-2024-0793
 CVE-2024-25580 [QT KTX buffer overflow]
 	[experimental] - qt6-base 6.6.2+dfsg-1
 	- qt6-base <unfixed> (bug #1064052)
+	[bookworm] - qt6-base <no-dsa> (Minor issue)
 	- qtbase-opensource-src 5.15.10+dfsg-7 (bug #1064053)
+	[bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
 	[buster] - qtbase-opensource-src <not-affected> (Vulnerable code not present)
 	- qtbase-opensource-src-gles <unfixed> (bug #1064054)
+	[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264423
 	NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=28ecb523ce8490bff38b251b3df703c72e057519
 	NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=dec1863c7dc63e5788b0c6c061d36e856a6ae2b2 (v6.6.2)
@@ -1530,6 +1537,8 @@ CVE-2024-1454 (The use-after-free vulnerability was found in the AuthentIC drive
 	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9
 CVE-2023-6681 (A vulnerability was found in JWCrypto. This flaw allows an attacker to ...)
 	- python-jwcrypto <unfixed>
+	[bookworm] - python-jwcrypto <no-dsa> (Minor issue)
+	[bullseye] - python-jwcrypto <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2260843
 CVE-2023-6110 [deleting a non existing access rule deletes another existing access rule in it's scope]
 	- python-openstackclient <unfixed>


=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ composer (seb)
 --
 cryptojs
 --
+dav1d
+--
 dnsdist (jmm)
 --
 frr



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f594031caf98a253689a0d3ce5228221070eef2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f594031caf98a253689a0d3ce5228221070eef2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240220/3c94aec2/attachment-0001.htm>