Bug#1036702: marked as done (qtbase-opensource-src-gles: CVE-2023-32763)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 24 May 2023 18:20:48 +0000
with message-id <E1q1t6O-00GVRV-5z@fasolo.debian.org>
and subject line Bug#1036702: fixed in qtbase-opensource-src-gles 5.15.8+dfsg-3
has caused the Debian Bug report #1036702,
regarding qtbase-opensource-src-gles: CVE-2023-32763
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1036702: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036702
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: qtbase-opensource-src-gles: CVE-2023-32762
• From: Moritz Mühlenhoff <jmm@inutil.org>
• Date: Wed, 24 May 2023 15:50:06 +0200
• Message-id: <[🔎] ZG4WDsHHheFgDq9k@pisco.westfalen.local>

Source: qtbase-opensource-src-gles
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtbase-opensource-src-gles.

CVE-2023-32762[0]:
https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305

Per IRC thus likely also affects the -gles variant

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32762
    https://www.cve.org/CVERecord?id=CVE-2023-32762

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

• To: 1036702-close@bugs.debian.org
• Subject: Bug#1036702: fixed in qtbase-opensource-src-gles 5.15.8+dfsg-3
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Wed, 24 May 2023 18:20:48 +0000
• Message-id: <E1q1t6O-00GVRV-5z@fasolo.debian.org>
• Reply-to: Dmitry Shachnev <mitya57@debian.org>

Source: qtbase-opensource-src-gles
Source-Version: 5.15.8+dfsg-3
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src-gles, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036702@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src-gles package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 24 May 2023 20:52:26 +0300
Source: qtbase-opensource-src-gles
Architecture: source
Version: 5.15.8+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1036702
Changes:
 qtbase-opensource-src-gles (5.15.8+dfsg-3) unstable; urgency=medium
 .
   * Add a patch to fix CVE-2023-32763: buffer overflow in Qt SVG
     (closes: #1036702).
Checksums-Sha1:
 c8f4f6e031cf918e6601cfaa08e76fe7eed16752 3701 qtbase-opensource-src-gles_5.15.8+dfsg-3.dsc
 9c32fc55f9c3fc51ab3873c4ad45c59ba41c8dd9 133408 qtbase-opensource-src-gles_5.15.8+dfsg-3.debian.tar.xz
 a4966d992b62e03f95f685e303df9b4cc95bc25b 15795 qtbase-opensource-src-gles_5.15.8+dfsg-3_source.buildinfo
Checksums-Sha256:
 2a7ea9a0e5ef1b7c6ece338dd7cf4d50d2d1f61454611207f85bc2ab40c717cf 3701 qtbase-opensource-src-gles_5.15.8+dfsg-3.dsc
 e10a9129f932e977bceca25fa6469dd36213994f9903094c2172957bce0d9e6e 133408 qtbase-opensource-src-gles_5.15.8+dfsg-3.debian.tar.xz
 cbd7077d8afbfa2e2d417da0dcefcbfcc912d5b7e95419649fa6c15ce37a63e5 15795 qtbase-opensource-src-gles_5.15.8+dfsg-3_source.buildinfo
Files:
 edf458fe576bb0d9b171148a03b263e3 3701 libs optional qtbase-opensource-src-gles_5.15.8+dfsg-3.dsc
 21d405cd000591a9fd8810a5f5300eb9 133408 libs optional qtbase-opensource-src-gles_5.15.8+dfsg-3.debian.tar.xz
 28dd3d1a7e55ef9818305cfcc7f35b47 15795 libs optional qtbase-opensource-src-gles_5.15.8+dfsg-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEE5688gqe4PSusUZcLZkYmW1hrg8sFAmRuUEkTHG1pdHlhNTdA
ZGViaWFuLm9yZwAKCRBmRiZbWGuDy+v9EACAS1NkORcdEo/Wn0eMNS9rK/eVTW1L
nkNrwKjCVTsNrzUPGRAef8snx+toAt6z4NGmeD1apCud2BSKHDwsGfPLixrpYgds
EkxuHo+4BTPx/tX7LmbX2VUExRozpPtlQDkUo0kzR5Y/voqigJMkCWNHqSZbEnMi
LUuvjevk5PkTKFj0OlercfCxtRyi3m7pQaKEZK9djlIPvvpCBax1gT8uq20PRCC3
7t5xQQSr8/23Ab9qAYekJYkCWLFdGSSq38flqVWrLm73OKCXstIV9JaOnYMeXPlk
vjzy7uTNrpGCbwgbhwpy+7AqZOIlVtmwr/BxQRrsn7nAEzpovOt1/8OjoUxAMEwl
oU4bkJKIRFJhU1wDUT/foJVrWr60CLgaOP1IwqN2vYLeEQE93r9YYc+7rAnXYSF9
zxNC+nX/j96OYvTvFOZ3sNC1FTF4/9nXPizUEMXpfBSsDgmLNdSraDgr6400n6Gj
HAkdiCnQVU/TVDwjnc5K/zzHwgr/vxTTCsvHy0REG2mLnBDjZyt2yQofE+Ip8lQI
+S/A0vXpf+D4afuXoEUaoIrognPlfA2JkJ0dYctOEfIgDH8s5X/nPMJaNRITZb9v
EX1hifQF+hdEaQ8x3h3PJ1zqPgyfF2uId0KbL1dg3u8O7a0HtklsW72m2A5dd1Z8
1OqfAbx5zlu+vg==
=g5L2
-----END PGP SIGNATURE-----

--- End Message ---