[Git][security-tracker-team/security-tracker][master] Add CVE-2024-39936/Qt

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6764347b by Salvatore Bonaccorso at 2024-07-06T09:08:11+02:00
Add CVE-2024-39936/Qt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -99,7 +99,13 @@ CVE-2024-39943 (rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UN
 CVE-2024-39937 (supOS 5.0 allows api/image/download?fileName=../ directory traversal f ...)
 	NOT-FOR-US: supOS
 CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2. ...)
-	TODO: check
+	- qt6-base <unfixed>
+	- qtbase-opensource-src <unfixed>
+	- qtbase-opensource-src-gles <unfixed>
+	[bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
+	[bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
+	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/571601
+	NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=b1e75376cc3adfc7da5502a277dfe9711f3e0536
 CVE-2024-39935 (jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certifi ...)
 	NOT-FOR-US: jc21 NGINX Proxy Manager
 CVE-2024-39485 (In the Linux kernel, the following vulnerability has been resolved:  m ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6764347b62e8b751f591f56d1104f89eebe6dc61

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6764347b62e8b751f591f56d1104f89eebe6dc61
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240706/159a4cb6/attachment-0001.htm>