[Git][security-tracker-team/security-tracker][master] CVE-2024-1433: drop plasma-framework and reference introductory commit

Mon, 17 Jun 2024 10:13:51 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f8624b3 by Sylvain Beucler at 2024-06-17T19:13:21+02:00
CVE-2024-1433: drop plasma-framework and reference introductory commit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40435,18 +40435,13 @@ CVE-2024-24796 (Deserialization of Untrusted Data 
vulnerability in MagePeople Te
 CVE-2024-23513 (Deserialization of Untrusted Data vulnerability in 
PropertyHive.This i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1433 (A vulnerability, which was classified as problematic, was found 
in KDE ...)
-       - plasma-framework <unfixed>
-       [bookworm] - plasma-framework <no-dsa> (Minor issue)
-       [bullseye] - plasma-framework <no-dsa> (Minor issue)
-       [buster] - plasma-framework <no-dsa> (Minor issue)
        - plasma-workspace <unfixed> (bug #1064063)
-       [bookworm] - plasma-workspace <no-dsa> (Minor issue)
+       [bookworm] - plasma-workspace <no-dsa> (Vulnerable code introduced 
later)
        [bullseye] - plasma-workspace <not-affected> (Vulnerable code 
introduced later)
        [buster] - plasma-workspace <not-affected> (Vulnerable code introduced 
later)
-       NOTE: 
https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01
 (v6.0.90)
-       NOTE: Affected code moved from plasma-framework (where v5.27.80 seems 
to be a bogus tag) to plasma-workspace:
-       NOTE: 
https://github.com/KDE/plasma-framework/commit/5c47afd8b1bcd6c8d2b33d9560b28eafa52e5755
 (v6.0.0)
-       NOTE: 
https://github.com/KDE/plasma-workspace/commit/3a44ac83bf16dcb42e0a72402dd6e653b21aabfe
 (v5.25.90)
+       NOTE: Fixed by: 
https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01
 (v6.0.90)
+       NOTE: Introduced by: 
https://github.com/KDE/plasma-workspace/commit/23940dbb90b99e96ebeaede14779d2582634bde3
 (5.93.0)
+       NOTE: Prior versions don't use 'pluginId' but the full path plugin 
directly (without path construction/traversal)
 CVE-2023-52429 (dm_table_create in drivers/md/dm-table.c in the Linux kernel 
through 6 ...)
        {DSA-5681-1}
        - linux 6.7.7-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f8624b3c13f84e0233f8f893bce99090a7dd3a2

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f8624b3c13f84e0233f8f893bce99090a7dd3a2
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to