[Git][security-tracker-team/security-tracker][master] CVE-2024-1433 does not affect plasma-workspace <= bullseye, but does affect plasma-framework < 6

Wed Jun 12 01:08:36 BST 2024


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab746533 by Adrian Bunk at 2024-06-12T03:06:02+03:00
CVE-2024-1433 does not affect plasma-workspace <= bullseye, but does affect plasma-framework < 6

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38866,11 +38866,18 @@ CVE-2024-24796 (Deserialization of Untrusted Data vulnerability in MagePeople Te
 CVE-2024-23513 (Deserialization of Untrusted Data vulnerability in PropertyHive.This i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1433 (A vulnerability, which was classified as problematic, was found in KDE ...)
+	- plasma-framework <unfixed>
+	[bookworm] - plasma-framework <no-dsa> (Minor issue)
+	[bullseye] - plasma-framework <no-dsa> (Minor issue)
+	[buster] - plasma-framework <no-dsa> (Minor issue)
 	- plasma-workspace <unfixed> (bug #1064063)
 	[bookworm] - plasma-workspace <no-dsa> (Minor issue)
-	[bullseye] - plasma-workspace <no-dsa> (Minor issue)
-	[buster] - plasma-workspace <no-dsa> (Minor issue)
+	[bullseye] - plasma-workspace <not-affected> (Vulnerable code introduced later)
+	[buster] - plasma-workspace <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01
+	NOTE: Affected code moved from plasma-framework (where v5.27.80 seems to be a bogus tag) to plasma-workspace:
+	NOTE: https://github.com/KDE/plasma-framework/commit/5c47afd8b1bcd6c8d2b33d9560b28eafa52e5755 (v6.0.0)
+	NOTE: https://github.com/KDE/plasma-workspace/commit/3a44ac83bf16dcb42e0a72402dd6e653b21aabfe (v5.25.90)
 CVE-2023-52429 (dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6 ...)
 	{DSA-5681-1}
 	- linux 6.7.7-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab746533e32480a0196283921992f1191e578998

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab746533e32480a0196283921992f1191e578998
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240612/1847b2ae/attachment.htm>
