Bug#1036702: qtbase-opensource-src-gles: CVE-2023-32762

To: 1036702@bugs.debian.org
Subject: Bug#1036702: qtbase-opensource-src-gles: CVE-2023-32762
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 24 May 2023 16:00:31 +0200
Message-id: <[🔎] ZG4Yf6klZjMxf1Ph@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1036702@bugs.debian.org
In-reply-to: <[🔎] ZG4WDsHHheFgDq9k@pisco.westfalen.local>
References: <[🔎] ZG4WDsHHheFgDq9k@pisco.westfalen.local> <[🔎] ZG4WDsHHheFgDq9k@pisco.westfalen.local>

Am Wed, May 24, 2023 at 03:50:06PM +0200 schrieb Moritz Mühlenhoff:
> Source: qtbase-opensource-src-gles
> X-Debbugs-CC: team@security.debian.org
> Severity: important
> Tags: security
> 
> Hi,
> 
> The following vulnerability was published for qtbase-opensource-src-gles.
> 
> CVE-2023-32762[0]:
> https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
> 
> Per IRC thus likely also affects the -gles variant

Confused the CVE IDs, this is for CVE-2023-32763, which is the SVG issue.
CVE-2023-32762 being about HSTS should not affect -gles.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#1036702: qtbase-opensource-src-gles: CVE-2023-32762
  - From: Dmitry Shachnev <mitya57@debian.org>

References:
- Bug#1036702: qtbase-opensource-src-gles: CVE-2023-32762
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: Checksum error in some packages
Next by Date: Processed: tagging 1036701, tagging 1036703, tagging 1036702
Previous by thread: Bug#1036702: qtbase-opensource-src-gles: CVE-2023-32762
Next by thread: Bug#1036702: qtbase-opensource-src-gles: CVE-2023-32762
Index(es):
- Date
- Thread