[Git][security-tracker-team/security-tracker][master] CVE-2024-1433 does not affect plasma-workspace <= bullseye, but does affect plasma-framework < 6
Adrian Bunk (@bunk)
bunk at debian.org
Wed Jun 12 01:08:36 BST 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab746533 by Adrian Bunk at 2024-06-12T03:06:02+03:00
CVE-2024-1433 does not affect plasma-workspace <= bullseye, but does affect plasma-framework < 6
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38866,11 +38866,18 @@ CVE-2024-24796 (Deserialization of Untrusted Data vulnerability in MagePeople Te
CVE-2024-23513 (Deserialization of Untrusted Data vulnerability in PropertyHive.This i ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1433 (A vulnerability, which was classified as problematic, was found in KDE ...)
+ - plasma-framework <unfixed>
+ [bookworm] - plasma-framework <no-dsa> (Minor issue)
+ [bullseye] - plasma-framework <no-dsa> (Minor issue)
+ [buster] - plasma-framework <no-dsa> (Minor issue)
- plasma-workspace <unfixed> (bug #1064063)
[bookworm] - plasma-workspace <no-dsa> (Minor issue)
- [bullseye] - plasma-workspace <no-dsa> (Minor issue)
- [buster] - plasma-workspace <no-dsa> (Minor issue)
+ [bullseye] - plasma-workspace <not-affected> (Vulnerable code introduced later)
+ [buster] - plasma-workspace <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01
+ NOTE: Affected code moved from plasma-framework (where v5.27.80 seems to be a bogus tag) to plasma-workspace:
+ NOTE: https://github.com/KDE/plasma-framework/commit/5c47afd8b1bcd6c8d2b33d9560b28eafa52e5755 (v6.0.0)
+ NOTE: https://github.com/KDE/plasma-workspace/commit/3a44ac83bf16dcb42e0a72402dd6e653b21aabfe (v5.25.90)
CVE-2023-52429 (dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6 ...)
{DSA-5681-1}
- linux 6.7.7-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab746533e32480a0196283921992f1191e578998
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab746533e32480a0196283921992f1191e578998
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240612/1847b2ae/attachment.htm>
More information about the debian-security-tracker-commits
mailing list