Branch sisyphus update bulletin.

Package unzip updated to version 6.0-alt5 for branch sisyphus in task 308257.

Published: 2022-08-24
Modified: 2024-11-21

CVE-2021-4217

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

Package python3-module-paramiko updated to version 2.11.0-alt1 for branch sisyphus in task 308231.

Published: 2022-03-28

BDU:2022-01897

Уязвимость реализации протокола SSHv2 библиотеки Paramiko, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2022-24302

Published: 2022-03-18
Modified: 2024-11-21

CVE-2022-24302

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Package qt5-base updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-declarative updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-xmlpatterns updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-tools updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-websockets updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-multimedia updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-serialport updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-location updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-sensors updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-webglplugin updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-webchannel updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-quickcontrols updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-script updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-x11extras updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-imageformats updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-svg updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-quickcontrols2 updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-quicktimeline updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-connectivity updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-serialbus updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-translations updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-graphicaleffects updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-doc updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-wayland updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-3d updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-virtualkeyboard updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-scxml updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-charts updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-speech updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-datavis3d updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-gamepad updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-webview updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-networkauth updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package qt5-remoteobjects updated to version 5.15.6-alt1 for branch sisyphus in task 308230.

Published: 2021-08-12
Modified: 2024-11-21

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package lrzsz updated to version 0.12.20-alt2 for branch sisyphus in task 308272.

Published: 2018-04-18

BDU:2021-04617

Уязвимость функции zsdata инструментов для передачи файлов zmodem/xmodem/ymodem Lrzsz, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References:

CVE-2018-10195

Published: 2021-06-02
Modified: 2024-11-21

CVE-2018-10195

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References:

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla

Version: 2.1.0