[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-23884/qtimageformats-opensource-src: bullseye postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Thu Nov 21 10:00:49 GMT 2024 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b9a7a2e by Sylvain Beucler at 2024-11-21T11:00:40+01:00
CVE-2020-23884/qtimageformats-opensource-src: bullseye postponed

- - - - -
beffa553 by Sylvain Beucler at 2024-11-21T11:00:42+01:00
CVE-2024-8796/ruby-devise-two-factor: bullseye ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17969,6 +17969,7 @@ CVE-2024-8897 (Under certain conditions, an attacker with the ability to redirec
 CVE-2024-8796 (Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ...)
 	- ruby-devise-two-factor <unfixed> (bug #1082382)
 	[bookworm] - ruby-devise-two-factor <ignored> (Minor issue)
+	[bullseye] - ruby-devise-two-factor <ignored> (Minor issue, requires dependencies to regenerate secrets)
 	NOTE: https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-qjxf-mc72-wjr2
 CVE-2024-8767 (Sensitive data disclosure and manipulation due to unnecessary privileg ...)
 	NOT-FOR-US: Acronis
@@ -328310,6 +328311,7 @@ CVE-2020-23884 (A buffer overflow in Nomacs v3.15.0 allows attackers to cause a
 	- qt6-base <not-affected> (Fixed before initial upload to the archive)
 	- qtimageformats-opensource-src 5.15.15-3 (bug #1014124)
 	[bookworm] - qtimageformats-opensource-src <no-dsa> (Minor issue)
+	[bullseye] - qtimageformats-opensource-src <postponed> (Minor issue, DoS)
 	NOTE: Originally reported/assigned to nomac, but actual issue is in Qt:
 	NOTE: https://github.com/nomacs/nomacs/issues/516
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/303313



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/05be7ed09f75de793208149790111c589fd86822...beffa5537e1c6af4abea2cce43a819a818d3a05a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/05be7ed09f75de793208149790111c589fd86822...beffa5537e1c6af4abea2cce43a819a818d3a05a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241121/f7a6283f/attachment.htm>

More information about the debian-security-tracker-commits mailing list