[Git][security-tracker-team/security-tracker][master] CVE-2024-1433: drop plasma-framework and reference introductory commit

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f8624b3 by Sylvain Beucler at 2024-06-17T19:13:21+02:00
CVE-2024-1433: drop plasma-framework and reference introductory commit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40435,18 +40435,13 @@ CVE-2024-24796 (Deserialization of Untrusted Data vulnerability in MagePeople Te
 CVE-2024-23513 (Deserialization of Untrusted Data vulnerability in PropertyHive.This i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1433 (A vulnerability, which was classified as problematic, was found in KDE ...)
-	- plasma-framework <unfixed>
-	[bookworm] - plasma-framework <no-dsa> (Minor issue)
-	[bullseye] - plasma-framework <no-dsa> (Minor issue)
-	[buster] - plasma-framework <no-dsa> (Minor issue)
 	- plasma-workspace <unfixed> (bug #1064063)
-	[bookworm] - plasma-workspace <no-dsa> (Minor issue)
+	[bookworm] - plasma-workspace <no-dsa> (Vulnerable code introduced later)
 	[bullseye] - plasma-workspace <not-affected> (Vulnerable code introduced later)
 	[buster] - plasma-workspace <not-affected> (Vulnerable code introduced later)
-	NOTE: https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01 (v6.0.90)
-	NOTE: Affected code moved from plasma-framework (where v5.27.80 seems to be a bogus tag) to plasma-workspace:
-	NOTE: https://github.com/KDE/plasma-framework/commit/5c47afd8b1bcd6c8d2b33d9560b28eafa52e5755 (v6.0.0)
-	NOTE: https://github.com/KDE/plasma-workspace/commit/3a44ac83bf16dcb42e0a72402dd6e653b21aabfe (v5.25.90)
+	NOTE: Fixed by: https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01 (v6.0.90)
+	NOTE: Introduced by: https://github.com/KDE/plasma-workspace/commit/23940dbb90b99e96ebeaede14779d2582634bde3 (5.93.0)
+	NOTE: Prior versions don't use 'pluginId' but the full path plugin directly (without path construction/traversal)
 CVE-2023-52429 (dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6 ...)
 	{DSA-5681-1}
 	- linux 6.7.7-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f8624b3c13f84e0233f8f893bce99090a7dd3a2

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f8624b3c13f84e0233f8f893bce99090a7dd3a2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240617/bbf6f9c7/attachment.htm>