Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5d151753 by Salvatore Bonaccorso at 2025-10-05T21:19:08+02:00
Add Debian bug reference for qtsvg related issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -989,13 +989,13 @@ CVE-2025-11234 (A flaw was found in QEMU. If the
QIOChannelWebsock object is fre
CVE-2025-11223 (Installer of Panasonic AutoDownloader version 1.2.8
contains ...)
NOT-FOR-US: Panasonic
CVE-2025-10729 (The module will parse a <pattern> node which is not a child of
a struc ...)
- - qt6-svg <unfixed>
- - qtsvg-opensource-src <unfixed>
+ - qt6-svg <unfixed> (bug #1117445)
+ - qtsvg-opensource-src <unfixed> (bug #1117446)
NOTE: Fixed by: https://codereview.qt-project.org/c/qt/qtsvg/+/676473
NOTE: Fixed by:
https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=7e8898903265d931df0aa54b3913f2c49d4d7bf2
(dev)
NOTE: Fixed by:
https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=6a6273126770006232e805cf1631f93d4919b788
(v6.9.3)
CVE-2025-10728 (When the module renders a Svg file that contains a <pattern>
element, ...)
- - qt6-svg <unfixed>
+ - qt6-svg <unfixed> (bug #1117447)
[bookworm] - qt6-svg <not-affected> (Vulnerable code introduced later)
- qtsvg-opensource-src <not-affected> (Vulnerable code introduced later)
NOTE: https://bugreports.qt.io/browse/QTBUG-137553
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d15175312f2d80a9b82912b89f982b325fa292d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d15175312f2d80a9b82912b89f982b325fa292d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
