[Git][security-tracker-team/security-tracker][master] Integrate updates for CVE-2024-25580

Fri, 16 Feb 2024 12:34:45 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
664b6d92 by Salvatore Bonaccorso at 2024-02-16T21:32:04+01:00
Integrate updates for CVE-2024-25580

As suggested by James Addison add a reference to the blog entry for
CVE-2024-25580 and while at it update the status for buster as reported.

Link: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/165

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,11 +57,13 @@ CVE-2024-25580 [QT KTX buffer overflow]
        [experimental] - qt6-base 6.6.2+dfsg-1
        - qt6-base <unfixed> (bug #1064052)
        - qtbase-opensource-src <unfixed> (bug #1064053)
+       [buster] - qtbase-opensource-src <not-affected> (Vulnerable code not 
present)
        - qtbase-opensource-src-gles <unfixed> (bug #1064054)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264423
        NOTE: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=28ecb523ce8490bff38b251b3df703c72e057519
        NOTE: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=dec1863c7dc63e5788b0c6c061d36e856a6ae2b2
 (v6.6.2)
        NOTE: 
https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff
+       NOTE: 
https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images
 CVE-2024-25415 (A remote code execution (RCE) vulnerability in 
/admin/define_language. ...)
        NOT-FOR-US: CE Phoenix
 CVE-2024-25414 (An arbitrary file upload vulnerability in /admin/upgrade of 
CSZ CMS v1 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/664b6d921e27672e22e31919086449214e91b151

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/664b6d921e27672e22e31919086449214e91b151
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to