[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-0569 and CVE-2020-0570

Thu, 30 Jan 2020 11:57:19 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d5b0ea5 by Salvatore Bonaccorso at 2020-01-30T20:56:20+01:00
Update information on CVE-2020-0569 and CVE-2020-0570

For CVE-2020-0570 Lisandro asked back to upstream about confirmation on
the affected ranges. Upstream confirmed that the issue is not present
before 5.12:

> The patch just make sure that we don't do wrong call when the search 
prefixes
> contains '/'
> But before 5.12 (commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d), there 
were
> no search prefixes with '/' in them.
> So no need to apply the patch in earlier versions.

Remove as well the now uneeded TODO item from CVE-2020-0569, as the
issue does not apply to the old qt4-x11.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20928,12 +20928,12 @@ CVE-2020-0570
        [stretch] - qtbase-opensource-src <not-affected> (Only affects 5.12.0 
through 5.14.0)
        NOTE: https://bugreports.qt.io/browse/QTBUG-81272
        NOTE: Patch: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd
+       NOTE: 
https://lists.qt-project.org/pipermail/development/2020-January/038534.html
 CVE-2020-0569
        RESERVED
        - qtbase-opensource-src <unfixed>
        NOTE: Patch for 5.6.0 through 5.13.2: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
        NOTE: Patch for 5.0.0 through 5.5.1: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
-       TODO: check qt4-x11
 CVE-2020-0568
        RESERVED
 CVE-2020-0567



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d5b0ea55c4f5f2d1498d76b835d2e4f4fab01bc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6d5b0ea55c4f5f2d1498d76b835d2e4f4fab01bc
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to