172 lines
6.5 KiB
JSON
172 lines
6.5 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20246650",
|
|
"Version": "oval:org.altlinux.errata:def:20246650",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2024-6650: package `qt5-declarative` update to version 5.15.13-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p10"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2024-6650",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-6650",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2023-02373",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2023-02373",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2023-24607",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24607",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades qt5-declarative to version 5.15.13-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02373: Уязвимость плагина SQL ODBC кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-24607: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2024-04-27"
|
|
},
|
|
"Updated": {
|
|
"Date": "2024-04-27"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2023-02373",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
|
|
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-20, CWE-404",
|
|
"Href": "https://bdu.fstec.ru/vul/2023-02373",
|
|
"Impact": "High",
|
|
"Public": "20230415"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2023-24607",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24607",
|
|
"Impact": "High",
|
|
"Public": "20230415"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:10",
|
|
"cpe:/o:alt:workstation:10",
|
|
"cpe:/o:alt:server:10",
|
|
"cpe:/o:alt:server-v:10",
|
|
"cpe:/o:alt:education:10",
|
|
"cpe:/o:alt:slinux:10",
|
|
"cpe:/o:alt:starterkit:p10",
|
|
"cpe:/o:alt:kworkstation:10.1",
|
|
"cpe:/o:alt:workstation:10.1",
|
|
"cpe:/o:alt:server:10.1",
|
|
"cpe:/o:alt:server-v:10.1",
|
|
"cpe:/o:alt:education:10.1",
|
|
"cpe:/o:alt:slinux:10.1",
|
|
"cpe:/o:alt:starterkit:10.1",
|
|
"cpe:/o:alt:kworkstation:10.2",
|
|
"cpe:/o:alt:workstation:10.2",
|
|
"cpe:/o:alt:server:10.2",
|
|
"cpe:/o:alt:server-v:10.2",
|
|
"cpe:/o:alt:education:10.2",
|
|
"cpe:/o:alt:slinux:10.2",
|
|
"cpe:/o:alt:starterkit:10.2"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650001",
|
|
"Comment": "libqt5-qml is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650002",
|
|
"Comment": "libqt5-qmlmodels is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650003",
|
|
"Comment": "libqt5-qmlworkerscript is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650004",
|
|
"Comment": "libqt5-quick is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650005",
|
|
"Comment": "libqt5-quickparticles is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650006",
|
|
"Comment": "libqt5-quickshapes is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650007",
|
|
"Comment": "libqt5-quicktest is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650008",
|
|
"Comment": "libqt5-quickwidgets is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650009",
|
|
"Comment": "qt5-declarative-common is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650010",
|
|
"Comment": "qt5-declarative-devel is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650011",
|
|
"Comment": "qt5-declarative-devel-static is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650012",
|
|
"Comment": "qt5-declarative-doc is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20246650013",
|
|
"Comment": "rpm-build-qml is earlier than 0:5.15.13-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |