Thank you for your contribution to Debian.
Mapping bullseye to oldstable.
Mapping oldstable to oldstable-proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 28 Apr 2024 22:48:02 +0200
Source: qtbase-opensource-src
Architecture: source
Version: 5.15.2+dfsg-9+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1031872 1036702 1036848 1037210 1041105 1059302 1060694 1064053
Changes:
qtbase-opensource-src (5.15.2+dfsg-9+deb11u1) bullseye; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* CVE-2024-25580 (Closes: #1064053)
fix buffer overflow due to crafted KTX image file
* CVE-2023-32763 (Closes: #1036702)
fix QTextLayout buffer overflow due to crafted SVG file
* CVE-2022-25255
prevent QProcess from execution of a binary from the current working
directory when not found in the PATH
* CVE-2023-24607 (Closes: #1031872)
fix denial of service via a crafted string when the SQL ODBC driver
plugin is used
* fix regression caused by patch for CVE-2023-24607
* CVE-2023-32762
prevent incorrect parsing of the strict-transport-security (HSTS) header
* CVE-2023-51714 (Closes: #1060694)
fix incorrect HPack integer overflow check.
* CVE-2023-38197 (Closes: #1041105)
fix infinite loop in recursive entity expansion
* CVE-2023-37369 (Closes: #1059302)
fix crash of application in QXmlStreamReader due to crafted XML string
* CVE-2023-34410 (Closes: #1037210)
fix checking during TLS whether root of the chain really is a
configured CA certificate
* CVE-2023-33285 (Closes: #1036848)
fix buffer overflow in QDnsLookup
Checksums-Sha1:
6e16146f78475c11c4dda7d6f2f65e57fdb0e29e 5641 qtbase-opensource-src_5.15.2+dfsg-9+deb11u1.dsc
130e02045fc0817e521a5e979e5c4791ea32bb2b 48055144 qtbase-opensource-src_5.15.2+dfsg.orig.tar.xz
1a9ee70661e4c9b81869966c55677c155a2bd2e0 273028 qtbase-opensource-src_5.15.2+dfsg-9+deb11u1.debian.tar.xz
ff4c258d3f2f37754a5c2ca3a0821f9bb80c49ee 35848 qtbase-opensource-src_5.15.2+dfsg-9+deb11u1_amd64.buildinfo
Checksums-Sha256:
c0a433401e556ecc90f4aac049cd95a054b3ba736f325039edc367c76b3d8eb1 5641 qtbase-opensource-src_5.15.2+dfsg-9+deb11u1.dsc
9ed5e0ab96a04daec5383a5e642d0308ca8246359a4c857a73a5c58d806237bb 48055144 qtbase-opensource-src_5.15.2+dfsg.orig.tar.xz
29a9be7d1ed654ea53c5f01d00c613a3d2c44e515f4fefc01340167c9c8c0fa8 273028 qtbase-opensource-src_5.15.2+dfsg-9+deb11u1.debian.tar.xz
271951118c9e6b1ee010cd091253437342dc3277439981de3a5cd592cfca9fca 35848 qtbase-opensource-src_5.15.2+dfsg-9+deb11u1_amd64.buildinfo
Files:
165f1cc5e44cc75dc0ebf13a249f8a0f 5641 libs optional qtbase-opensource-src_5.15.2+dfsg-9+deb11u1.dsc
c0e684ed6ee9d24e4509d64ceb9764cf 48055144 libs optional qtbase-opensource-src_5.15.2+dfsg.orig.tar.xz
f84b2a84c64c6cec1b2c6d2c0dc4bc05 273028 libs optional qtbase-opensource-src_5.15.2+dfsg-9+deb11u1.debian.tar.xz
68690ed0fe2e8e2abd2b08c3723a1dde 35848 libs optional qtbase-opensource-src_5.15.2+dfsg-9+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmZA2mpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR+cJD/9Y5SmHa87XNkeyEkVJEG7y7G/ZPs4d
alpPnnrgKEDau1IFhaa5kEM6K3mWZG0krpOkHc9mNo6tSU5OrY21xvpgCt1URLur
SSipqijUnTtbqEdiMJI1QLhzHobWThwpkmRoq1ENA4zTilPQE1b1Aqzuh26HZKKw
P4lGfL64YjaXqNrzajWWINBXYWIt7xp6R9Lv0coxGvv0Z+yyLgL3vqObf38O7/Fx
FG5WDQr+sOSy5V6giqNDDao1bsEoBI3E9xRyAOGtV8+bqNUTrpCHZpm1y7L9vRIP
sZiSwgLmYpSyWLsSaCPd1cC52YBYSuXh3Mo1Cj/81reeCehMs4nrc9KocukjJPS/
JNSCugNyqlSYFActfBpJr5GDezdXiUzjPu9h8KAsMFnIqjLG59vW8qgBUCLsoWzc
GJN1F2cDyaA8CU4UKhNhGgQXxYNllOfsspa8i0EQe/5NJrWg/B8Z79QinywPkTwQ
2ScerdgvVzFwlpi+txLJUk//7sh+8Ai7UigIsC0gcRLrOAt8xFuaU/KtLUhcF5TL
JPi0zSuBmIB29WgbwhF5IltmyWJ2xDduWCkLXBzskIqYqJSS6+V7pqobmHV3gLc+
sP/q9n/QlNNZLVw9AGTY2PqN9BIuNZHoLOXorwfPFmFTuX++rlfLP/oUlgUjGhZy
aRn2aSVwPXotBA==
=9HiB
-----END PGP SIGNATURE-----
Attachment:
pgpkOCTqKTriv.pgp
Description: PGP signature