Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc4a984d by Thorsten Alteholz at 2024-05-01T00:38:32+02:00
Reserve DLA-3805-1 for qtbase-opensource-src

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31267,7 +31267,6 @@ CVE-2023-51714 (An issue was discovered in the HTTP2 
implementation in Qt before
        - qtbase-opensource-src 5.15.10+dfsg-6 (bug #1060694)
        [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
-       [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
        - qtbase-opensource-src-gles 5.15.10+dfsg-4 (bug #1060695)
        [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
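Review bot: with the `[buster]` line for qtbase-opensource-src removed, nothing under CVE-2023-51714 mentions buster any more, so the buster state for this CVE rests entirely on DLA-3805-1 in data/DLA/list naming it and carrying a `[buster]` version, which it does. The qtbase-opensource-src-gles block in the trailing context has bookworm and bullseye `<no-dsa>` lines and no buster line before or after this change; if that source package exists in buster it needs its own annotation, because the DLA entry only covers qtbase-opensource-src.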
@@ -56030,7 +56029,6 @@ CVE-2023-37369 (In Qt before 5.15.15, 6.x before 6.2.9, 
and 6.3.x through 6.5.x
        - qtbase-opensource-src 5.15.10+dfsg-3
        [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
-       [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
        - qt4-x11 <removed>
        NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader
        NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/455027
@@ -57800,7 +57798,6 @@ CVE-2023-38197 (An issue was discovered in Qt before 
5.15.15, 6.x before 6.2.10,
        - qtbase-opensource-src 5.15.10+dfsg-3 (bug #1041105)
        [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
-       [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
        - qt4-x11 <removed>
        NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader-1
        NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/488960
@@ -64088,7 +64085,6 @@ CVE-2023-33285 (An issue was discovered in Qt 5.x 
before 5.15.14, 6.x before 6.2
        [bookworm] - qt6-base <no-dsa> (Minor issue)
        - qtbase-opensource-src 5.15.8+dfsg-11
        [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
-       [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
        - qtbase-opensource-src-gles 5.15.10+dfsg-2
        [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
@@ -64260,7 +64256,6 @@ CVE-2023-32763 (An issue was discovered in Qt before 
5.15.15, 6.x before 6.2.9,
        - qt6-base 6.4.2+dfsg-8
        - qtbase-opensource-src 5.15.8+dfsg-10
        [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
-       [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
        - qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702)
        [bullseye] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
        - qt4-x11 <removed>
@@ -64273,7 +64268,6 @@ CVE-2023-32762 (An issue was discovered in Qt before 
5.15.14, 6.x before 6.2.9,
        - qt6-base 6.4.2+dfsg-9
        - qtbase-opensource-src 5.15.8+dfsg-10
        [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
-       [buster] - qtbase-opensource-src <postponed> (Can wait for next upload)
        - qtbase-opensource-src-gles <not-affected> (Not built in GLES variant)
        NOTE: 
https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
 CVE-2023-34408 (DokuWiki before 2023-04-04a allows XSS via RSS titles.)
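Review bot: the line removed under CVE-2023-32762 is `<postponed> (Can wait for next upload)`, not `<no-dsa>` like the other six removals, so this is the one CVE that was explicitly deferred to this upload. Before the DLA goes out, check that 5.11.3+dfsg1-1+deb10u6 really carries a backport of the upstream commit in the NOTE line (1b736a815be0222f4b24289cf17575fc15707305); a postponed item dropped from the list without its patch in the upload would show as fixed while still open.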
@@ -86282,7 +86276,6 @@ CVE-2022-48286 (The multi-screen collaboration module 
has a privilege escalation
 CVE-2023-24607 (Qt before 6.4.3 allows a denial of service via a crafted 
string when t ...)
        - qtbase-opensource-src 5.15.8+dfsg-3 (bug #1031872)
        [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
-       [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
        - qt6-base 6.4.2+dfsg-7 (bug #1031871)
        - qtbase-opensource-src-gles <not-affected> (GLES build only ships 
libqt5gui5, not the DB modules, see #1031873)
        NOTE: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 May 2024] DLA-3805-1 qtbase-opensource-src - security update
+       {CVE-2023-24607 CVE-2023-32762 CVE-2023-32763 CVE-2023-33285 
CVE-2023-37369 CVE-2023-38197 CVE-2023-51714}
+       [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u6
 [30 Apr 2024] DLA-3804-1 nghttp2 - security update
        {CVE-2024-28182}
        [buster] - nghttp2 1.36.0-2+deb10u3
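Review bot: the brace list in the new DLA-3805-1 entry has to match the annotations dropped from data/CVE/list one for one, and it does: seven CVEs are named, and the CVE/list hunks remove seven `[buster]` qtbase-opensource-src lines (six `<no-dsa>`, one `<postponed>`) under exactly those IDs. The entry already records 5.11.3+dfsg1-1+deb10u6 while the commit subject says "Reserve", so that version string should be rechecked against the changelog of the package that is finally uploaded.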



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc4a984d2ee54dc51ecee2b4ff8a807dd75976ed


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
