[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-28144/hotspot
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 4 07:42:33 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c5a82713 by Salvatore Bonaccorso at 2026-03-04T08:40:17+01:00
Update status for CVE-2023-28144/hotspot
Consider the commit introducing the opt-in for temporary privilege
escalation as the "fixing commit". Update status for unstable, with the
first version including the change.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -296402,14 +296402,14 @@ CVE-2023-28146
CVE-2023-28145
RESERVED
CVE-2023-28144 (KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configura ...)
- - hotspot <unfixed> (bug #1033848)
+ - hotspot 1.6.0-0.1 (bug #1033848)
[bookworm] - hotspot <no-dsa> (Minor issue)
[bullseye] - hotspot <no-dsa> (Minor issue)
[buster] - hotspot <not-affected> (Vulnerable code not present, introduced in 1.3.0)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/8
NOTE: Introduced by: https://github.com/KDAB/hotspot/commit/3b4682565f0e53f903f3ad0f3f2c0f236d382efb (v1.3.0)
NOTE: Opt-In to allow privilege escalation (and disable by default):
- NOTE: https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c
+ NOTE: https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c (v1.5.0)
CVE-2023-1356 (Reflected cross-site scripting in the StudentSearch component in IDAtt ...)
NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-1355 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.140 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5a827135004575c710f9ac243a789d895c0eb40
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5a827135004575c710f9ac243a789d895c0eb40
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260304/cae6b977/attachment.htm>
More information about the debian-security-tracker-commits
mailing list