| Summary: | qtbase5, qtbase6 new security issues CVE-2023-51714, CVE-2024-25580 and CVE-2024-39936 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | All Packagers <pkg-bugs> |
| Status: | NEW --- | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | geiger.david68210 |
| Version: | Cauldron | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9TOO | | |
| Source RPM: | qtbase5, qtbase6 | CVE: | CVE-2023-51714, CVE-2024-25580, CVE-2024-39936 |
| Status comment: | | | |
Description
Nicolas Salguero 2024-04-30 16:55:50 CEST

Nicolas Salguero 2024-04-30 16:57:16 CEST
CVE: (none) => CVE-2023-51714, CVE-2024-25580

RedHat: An update for qt5-qtbase is now available
* qt: incorrect integer overflow check (CVE-2023-51714)
* qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580)
For more details about the security issue(s) ... refer to the CVE page(s) listed in the References section.
which I do not see. This must be the case for other RedHat advisories where I complain about no sign of the issued fix.
Note this is for *both* qt5 & qt6.
Assigning globally because different packagers deal with these.
Assignee: bugsquad => pkg-bugs

For Qt6 in Cauldron:
- CVE-2023-51714 has been fixed since Qt 6.6.2, which we have
- CVE-2024-25580 has been fixed since Qt 6.6.2, which we have
So Qt5 and Qt6 for mga9 should still be fixed, and only Qt5 for Cauldron should still be fixed!
CC: (none) => geiger.david68210

Fedora has issued an advisory on July 11: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVCBTKX6LVBTP6UEJQZ2PENI2KATSRJK/
CVE: CVE-2023-51714, CVE-2024-25580 => CVE-2023-51714, CVE-2024-25580, CVE-2024-39936

For CVE-2024-39936, the fix is: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=b1e75376cc3adfc7da5502a277dfe9711f3e0536