Bug#783134: marked as done (qtbase-opensource-src: CVE-2015-1858 CVE-2015-1859 CVE-2015-1860)
Your message dated Mon, 18 May 2015 22:02:00 +0000
with message-id <E1YuT6m-0005Y7-BP@franck.debian.org>
and subject line Bug#783134: fixed in qtbase-opensource-src 5.4.1+dfsg-3
has caused the Debian Bug report #783134,
regarding qtbase-opensource-src: CVE-2015-1858 CVE-2015-1859 CVE-2015-1860
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
783134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783134
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: qtbase-opensource-src: CVE-2015-1858 CVE-2015-1859 CVE-2015-1860
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Wed, 22 Apr 2015 20:31:17 +0200
- Message-id: <20150422183117.23074.54552.reportbug@eldamar.local>
Source: qtbase-opensource-src
Version: 5.3.2+dfsg-4
Severity: normal
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for qtbase-opensource-src.
CVE-2015-1858[0]:
segmentation fault in qbmphandler.cpp
CVE-2015-1859[1]:
segmentation fault in qicohandler.cpp
CVE-2015-1860[2]:
segmentation fault in qgifhandler.cpp
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-1858
[1] https://security-tracker.debian.org/tracker/CVE-2015-1859
[2] https://security-tracker.debian.org/tracker/CVE-2015-1860
[3] http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
- To: 783134-close@bugs.debian.org
- Subject: Bug#783134: fixed in qtbase-opensource-src 5.4.1+dfsg-3
- From: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
- Date: Mon, 18 May 2015 22:02:00 +0000
- Message-id: <E1YuT6m-0005Y7-BP@franck.debian.org>
Source: qtbase-opensource-src
Source-Version: 5.4.1+dfsg-3
We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 783134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> (supplier of updated qtbase-opensource-src package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 13 May 2015 14:14:35 -0300
Source: qtbase-opensource-src
Binary: libqt5core5a libqt5gui5 libqt5libqgtk2 libqt5network5 libqt5opengl5 libqt5sql5 libqt5sql5-mysql libqt5sql5-odbc libqt5sql5-psql libqt5sql5-sqlite libqt5sql5-tds libqt5xml5 libqt5dbus5 libqt5test5 libqt5concurrent5 libqt5widgets5 libqt5printsupport5 qtbase5-dev qtbase5-private-dev libqt5opengl5-dev qtbase5-dev-tools qt5-qmake qtbase5-examples qtbase5-dbg qtbase5-dev-tools-dbg qtbase5-examples-dbg qt5-default qtbase5-doc-html
Architecture: source amd64 all
Version: 5.4.1+dfsg-3
Distribution: experimental
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Description:
libqt5concurrent5 - Qt 5 concurrent module
libqt5core5a - Qt 5 core module
libqt5dbus5 - Qt 5 D-Bus module
libqt5gui5 - Qt 5 GUI module
libqt5libqgtk2 - Qt 5 GTK2 platform theme
libqt5network5 - Qt 5 network module
libqt5opengl5 - Qt 5 OpenGL module
libqt5opengl5-dev - Qt 5 OpenGL library development files
libqt5printsupport5 - Qt 5 print support module
libqt5sql5 - Qt 5 SQL module
libqt5sql5-mysql - Qt 5 MySQL database driver
libqt5sql5-odbc - Qt 5 ODBC database driver
libqt5sql5-psql - Qt 5 PostgreSQL database driver
libqt5sql5-sqlite - Qt 5 SQLite 3 database driver
libqt5sql5-tds - Qt 5 FreeTDS database driver
libqt5test5 - Qt 5 test module
libqt5widgets5 - Qt 5 widgets module
libqt5xml5 - Qt 5 XML module
qt5-default - Qt 5 development defaults package
qt5-qmake - Qt 5 qmake Makefile generator tool
qtbase5-dbg - Qt 5 base library debugging symbols
qtbase5-dev - Qt 5 base development files
qtbase5-dev-tools - Qt 5 base development programs
qtbase5-dev-tools-dbg - Qt 5 base binaries debugging symbols
qtbase5-doc-html - Qt 5 base HTML documentation
qtbase5-examples - Qt 5 base examples
qtbase5-examples-dbg - Qt 5 base examples debugging symbols
qtbase5-private-dev - Qt 5 base private development files
Closes: 751084 775398 781148 783127 783134 785207
Changes:
qtbase-opensource-src (5.4.1+dfsg-3) experimental; urgency=medium
.
[ Dmitry Shachnev ]
* Update debian/README.source for new upstream code location and branching
schemes.
.
[ Lisandro Damián Nicanor Pérez Meyer ]
* Enable parallel building while bootstraping qmake.
* Add libpcre3-dev as build-dependency in order to use the new pcre16 library
instead of the embedded one.
* Expose documentation in /usr/share/doc (Closes: #751084).
* Clean up the list in Uploaders, removing people who haven't committed to
the repo in more than a year. They can re-add themselves whenever they want
(and we really hope to see you back really soon!).
* Split the GTK2 platform theme plugin into a separate package
(Closes: #781148). Thanks Riku Voipio for the patch.
* Use pkgkde-mark-private-symbols instead of mark_private_symbols.sh.
- Remove the previous script from the package and it's entry in
debian/copyright.
- Depend on pkg-kde-tools >= 0.15.17.
* Fix system tray's bugs with:
- xcb_delay_showing_tray_icon_window_until_it_is_embedded.patch
(Closes: #775398)
- qtsystemtrayicon_handle_submenus_correctly.patch
* Fix applications crashing when built with GCC5 by backporting upstream
patches (Closes: #783127):
- make_qglobal_h_complain_if_you_use_fpie.patch
- require_fpic_instead_of_fpie.patch
* Fix CVE-2015-1858, CVE-2015-1859 and CVE 2015-1860 by backporting patches
(Closes: #783134):
- fixes_crash_in_bmp_and_ico_image_decoders.patch
- fixes_crash_in_gif_image_decoder.patch
* Backport tst_QNetworkDiskCache-Stop-using-actual-web-servers.patch to solve
tests wanting to access network services (Closes: #785207).
Checksums-Sha1:
0fd2317736adf161d8b97f78e47d8a9be45ec289 4871 qtbase-opensource-src_5.4.1+dfsg-3.dsc
45bd06aa5ea6dadd4ac9c673e54aa53cf7c128a7 195660 qtbase-opensource-src_5.4.1+dfsg-3.debian.tar.xz
e99ea57983d5369d369f5462992208c88b96ceab 1988002 libqt5core5a_5.4.1+dfsg-3_amd64.deb
9c5ae9ccd1b5439fdf16f01545e645027f3818ec 2220158 libqt5gui5_5.4.1+dfsg-3_amd64.deb
04a64cbc6589b5d103bdbbeaed7b9635b23b8bee 55608 libqt5libqgtk2_5.4.1+dfsg-3_amd64.deb
bdefe8a05fa4f66f512a28fb3805625585e40eb2 565586 libqt5network5_5.4.1+dfsg-3_amd64.deb
4121ac7dcb806304c2f2c020f4d800e76a764b17 142688 libqt5opengl5_5.4.1+dfsg-3_amd64.deb
10208b08509f738c48da538ff8276f0d521523d4 117440 libqt5sql5_5.4.1+dfsg-3_amd64.deb
09a2c39c19cd7b95015198471420de567dd5e35c 51088 libqt5sql5-mysql_5.4.1+dfsg-3_amd64.deb
bf2981cea079495851c9c0bf95391619a4bfadb1 61368 libqt5sql5-odbc_5.4.1+dfsg-3_amd64.deb
15b420d7c26cdbcc2584e00984925c517f972c9b 52858 libqt5sql5-psql_5.4.1+dfsg-3_amd64.deb
903452c18a4dfb027007a3f86742a9526dde8080 45614 libqt5sql5-sqlite_5.4.1+dfsg-3_amd64.deb
ca5dedc71243e1a9181b758a5fa96fe8f39eea6b 46046 libqt5sql5-tds_5.4.1+dfsg-3_amd64.deb
63a95587dc6bc8b4162148f2b567e4eb45a2ae6f 107104 libqt5xml5_5.4.1+dfsg-3_amd64.deb
fd730d71f8d650ba712977ab0cde507ca8e25906 193272 libqt5dbus5_5.4.1+dfsg-3_amd64.deb
d4e94d6d14378eff52b7baa63082adbf8de83985 93652 libqt5test5_5.4.1+dfsg-3_amd64.deb
99763d8787210c87a242b2e88db5d9360ee0a111 36950 libqt5concurrent5_5.4.1+dfsg-3_amd64.deb
f2c377e706d05cc9f08a4c6fdcb9a06b3b7adb46 2304214 libqt5widgets5_5.4.1+dfsg-3_amd64.deb
98c94bc6544464086b5df603d28f9a2902f82d09 186816 libqt5printsupport5_5.4.1+dfsg-3_amd64.deb
62f677e019fe6b02f0cac3ad3ae48810f1bbc906 905024 qtbase5-dev_5.4.1+dfsg-3_amd64.deb
3450dfb298a6ac030fa0090dfc9ef0398bb317c5 885786 qtbase5-private-dev_5.4.1+dfsg-3_amd64.deb
c616adf6343e5cbecd481294c5924960fabb6fb5 43992 libqt5opengl5-dev_5.4.1+dfsg-3_amd64.deb
9266898db2ea613c334b61f7f2b2d81b6c6705fa 1112118 qtbase5-dev-tools_5.4.1+dfsg-3_amd64.deb
66fb8431143562db81fa1ded1d3411853b90d340 1234664 qt5-qmake_5.4.1+dfsg-3_amd64.deb
ddf2e1fa36ed9d79674c711bde217c95b14f3869 4203646 qtbase5-examples_5.4.1+dfsg-3_amd64.deb
19f7aeb65150a89be5406928ea337273e2d6cc6e 132143144 qtbase5-dbg_5.4.1+dfsg-3_amd64.deb
6af05f9be701705f517897940f89b7a6f4aff4f1 29869666 qtbase5-dev-tools-dbg_5.4.1+dfsg-3_amd64.deb
e6aa0de06564935018d3f00021e81edff1c17261 91828892 qtbase5-examples-dbg_5.4.1+dfsg-3_amd64.deb
2916f6c59323a5f2f6bbc02ebc1c07d0e22a912c 28884 qt5-default_5.4.1+dfsg-3_amd64.deb
ad62cf6972993cec645caabee6214a25a8722f7a 21749410 qtbase5-doc-html_5.4.1+dfsg-3_all.deb
Checksums-Sha256:
c66ebfe39aecc6cfd0c42b45727284e2b282da86dbafda6704ef8aa73bdda6c8 4871 qtbase-opensource-src_5.4.1+dfsg-3.dsc
ca91af30ea39cfceaad153a8ca6f62e98c60e024c7fabf389c792a8b8b9a4148 195660 qtbase-opensource-src_5.4.1+dfsg-3.debian.tar.xz
315228f9490ec281a78644cca7678ded49ecf9dec95e1f58884fcf286524d5f2 1988002 libqt5core5a_5.4.1+dfsg-3_amd64.deb
f33e8853a5ac03d9a1807f4d89a48acc79362d3f7e0f8804f8a4b553596e8291 2220158 libqt5gui5_5.4.1+dfsg-3_amd64.deb
d45cb7cd332b2741d203554183ca58bb021eeb13dce7b55ad157f518bd369d97 55608 libqt5libqgtk2_5.4.1+dfsg-3_amd64.deb
48a040e9342619c8cf3fc1e86c4362e7d53abff101c0b14ca5181edf25707b3c 565586 libqt5network5_5.4.1+dfsg-3_amd64.deb
44e91d616287a238f1d06ed3f6e4d893cc289d09017d1fd5ec7fd8b47de3bc54 142688 libqt5opengl5_5.4.1+dfsg-3_amd64.deb
e131c8f9e72fa7870efe73430b8f3860ab8e9980415b3975dfcf8574c31af6b4 117440 libqt5sql5_5.4.1+dfsg-3_amd64.deb
a01d16b0cf8e73b18a802be3e19e5fec1e786b7af44dc54239b18eb63aac7b87 51088 libqt5sql5-mysql_5.4.1+dfsg-3_amd64.deb
0b0ec4423c5899ab9f674f99bf1d7e96f6e5c51ddeedaa1182201963318bedf4 61368 libqt5sql5-odbc_5.4.1+dfsg-3_amd64.deb
60f434dd41fb62f4bb28fa96054f91b06c12d82c9a184b3b51a7df80014a5a98 52858 libqt5sql5-psql_5.4.1+dfsg-3_amd64.deb
20efc51b54977895d0ddbcf32a44d5b78792cf11b8557cf2cdb8c45cbc1cbe1c 45614 libqt5sql5-sqlite_5.4.1+dfsg-3_amd64.deb
780fcf65e0322d70b396e48d1277aa9b255bcdce7b4a3a643dafd58290460d9e 46046 libqt5sql5-tds_5.4.1+dfsg-3_amd64.deb
2fa782a407f426eaa0ef8df11ebfb474a7ced76abac18bb6c83103ad1f14a185 107104 libqt5xml5_5.4.1+dfsg-3_amd64.deb
fed29d854e3abc3c4a0b314fbcffb7516c1ce59726a140edce5c0b0f59464d9f 193272 libqt5dbus5_5.4.1+dfsg-3_amd64.deb
ccdbb96a39f8f521f5af12207ccf1b3c00c6c3c56c8258e7a85663c0069af299 93652 libqt5test5_5.4.1+dfsg-3_amd64.deb
99ec145da7f2b9f97648ccbc6b8fa76e36f8b785e7141123a90f8761a7af80cb 36950 libqt5concurrent5_5.4.1+dfsg-3_amd64.deb
9120bb9131f00dc325f85fed65b43f6a76b9321f2b0495b30484a1bf00b74db6 2304214 libqt5widgets5_5.4.1+dfsg-3_amd64.deb
ad4080ad9ded070659f09ad3a01538e92ba95e26c7a6b792fe91911a6002f90d 186816 libqt5printsupport5_5.4.1+dfsg-3_amd64.deb
52b1574d40d20f8f31854b8d507e612193a2c9cce8b3d4a1e7f4547aef007795 905024 qtbase5-dev_5.4.1+dfsg-3_amd64.deb
3c1ea0398ec9158bfeb58632b5b85687117b85cb5b49ee3b2c03e8bf0fa2f01e 885786 qtbase5-private-dev_5.4.1+dfsg-3_amd64.deb
edb9237cc0d3b1834723c2c4f009e30b9636539f5b0cc73fd81214fe79e130a3 43992 libqt5opengl5-dev_5.4.1+dfsg-3_amd64.deb
0a5c64e634d03dfdf5a0312d3286b79fc5b16e8e737688aadbfe575f160fb8a6 1112118 qtbase5-dev-tools_5.4.1+dfsg-3_amd64.deb
22c92f5f61ad4d1e056ce576ae5b8d9d2558c373fc72c99397d017e2f76324da 1234664 qt5-qmake_5.4.1+dfsg-3_amd64.deb
ef968aad1c8863e077d3e65ef919ec9c5ab174e5b4f082b2099e781d924b682a 4203646 qtbase5-examples_5.4.1+dfsg-3_amd64.deb
b55a1fb56ec31392c1d1fcb2247abb90fdb52aa7ea9569bf766298abc62a7361 132143144 qtbase5-dbg_5.4.1+dfsg-3_amd64.deb
0707f22cf19eead90e63d13427ab59214c933e4b6ebe0229e0488c8931bf7736 29869666 qtbase5-dev-tools-dbg_5.4.1+dfsg-3_amd64.deb
79dc2a4e42572c56c4b9ee86cf96928e3d1c25379b1320ad66e060eae84c2739 91828892 qtbase5-examples-dbg_5.4.1+dfsg-3_amd64.deb
117d241748e14a9b2c3c3b4033787c46135c76dc459dac18916c2734bf4e724b 28884 qt5-default_5.4.1+dfsg-3_amd64.deb
83094f215bdb05c45ca92a1847f3ac57e8aeae04c971e1b96cabbf3918678775 21749410 qtbase5-doc-html_5.4.1+dfsg-3_all.deb
Files:
ed7c852c20fd0c864ee20c1ce5bc32c8 4871 libs optional qtbase-opensource-src_5.4.1+dfsg-3.dsc
bb231409b29abd9ba48ab722b19485e9 195660 libs optional qtbase-opensource-src_5.4.1+dfsg-3.debian.tar.xz
dcf6141507dd97918f141dcef56e1f95 1988002 libs optional libqt5core5a_5.4.1+dfsg-3_amd64.deb
5556f7bc29ac92be57f9cf5c06c8fa8f 2220158 libs optional libqt5gui5_5.4.1+dfsg-3_amd64.deb
d86c0d51bb9645208f33791a993071ae 55608 libs optional libqt5libqgtk2_5.4.1+dfsg-3_amd64.deb
08691b0de8a88164a99e6c748aed8617 565586 libs optional libqt5network5_5.4.1+dfsg-3_amd64.deb
3b8626ed964910b03b97a88416d6a79f 142688 libs optional libqt5opengl5_5.4.1+dfsg-3_amd64.deb
ecfc866dab53299ca8b52e75d9d62b5d 117440 libs optional libqt5sql5_5.4.1+dfsg-3_amd64.deb
91f72dce98367f77dacbf2f4cc42ea39 51088 libs optional libqt5sql5-mysql_5.4.1+dfsg-3_amd64.deb
6bc12ff13085d88c6bbc164b0c5cd3c1 61368 libs optional libqt5sql5-odbc_5.4.1+dfsg-3_amd64.deb
330616153be4e86a3756674344bf1e2f 52858 libs optional libqt5sql5-psql_5.4.1+dfsg-3_amd64.deb
4d883672c87c2c43b2833653b01ec0e0 45614 libs optional libqt5sql5-sqlite_5.4.1+dfsg-3_amd64.deb
ab1c8b1b4fe0a63ea46e0aa6ac11b905 46046 libs optional libqt5sql5-tds_5.4.1+dfsg-3_amd64.deb
f9cc51f1e0f6a61a4735edff405fa4ea 107104 libs optional libqt5xml5_5.4.1+dfsg-3_amd64.deb
d9a36c983c779e8ffe3e89cd4c93a637 193272 libs optional libqt5dbus5_5.4.1+dfsg-3_amd64.deb
46a3d29b5e125f305bd62b61c3d55da8 93652 libs optional libqt5test5_5.4.1+dfsg-3_amd64.deb
5fe4aedf309df251e4fc216071fd83be 36950 libs optional libqt5concurrent5_5.4.1+dfsg-3_amd64.deb
b962f7550aff4c5a67584ab5b71f43e9 2304214 libs optional libqt5widgets5_5.4.1+dfsg-3_amd64.deb
aee50bbb3df26a5e83c71a72d36b22fc 186816 libs optional libqt5printsupport5_5.4.1+dfsg-3_amd64.deb
9aa2a57357ff7bd577b10f8142fcb981 905024 libdevel optional qtbase5-dev_5.4.1+dfsg-3_amd64.deb
1b9e99cabab3327d8890510adcd14e57 885786 libdevel optional qtbase5-private-dev_5.4.1+dfsg-3_amd64.deb
5e14eb37a9d8d4b8be8dff68dc482c02 43992 libdevel optional libqt5opengl5-dev_5.4.1+dfsg-3_amd64.deb
89fa5812b41d3c1d5bb673b361d9254b 1112118 devel optional qtbase5-dev-tools_5.4.1+dfsg-3_amd64.deb
47f1261d89860efad18b516af9ef7dca 1234664 devel optional qt5-qmake_5.4.1+dfsg-3_amd64.deb
03178615cd0674f3cc10589fcdb2ea96 4203646 x11 optional qtbase5-examples_5.4.1+dfsg-3_amd64.deb
2e81a93260eaf59ad314b57f4728aa7b 132143144 debug extra qtbase5-dbg_5.4.1+dfsg-3_amd64.deb
db2748430a7443fbea99075d2cd16e58 29869666 debug extra qtbase5-dev-tools-dbg_5.4.1+dfsg-3_amd64.deb
fb07e7e48558b10dba6038242f98ca6a 91828892 debug extra qtbase5-examples-dbg_5.4.1+dfsg-3_amd64.deb
9f51284a03c30ee6ced5ff5df969a270 28884 libs optional qt5-default_5.4.1+dfsg-3_amd64.deb
5be05bce0369d9e1f1e4f23b7c35af56 21749410 doc extra qtbase5-doc-html_5.4.1+dfsg-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVU5KNAAoJEKtkX0BihqfQAU8P/2vlauFT7cZKPi98fGB332u/
ravPmw+yCxCieJ0tdbmRv6SgqTP8/K/cyEywgRganOuREUt2lw+ASIIfxMZN6ua4
1sY6MAJ8mGnO13wVnFIOl7FtD7TiQ3a/0rEchpf9tEvIKh6kpP4/2U5l08NH+NEE
t6XSG+IVzB6/UYs8wAzexy+n4YPtxgsS4YN71S/XxnYBwP8E9NVBWwjnmY3yX7b2
4Qj9KUtX9avfipOAx0z60blqvrp820CiO96gm8ouaYlw2mXC9/V+DwAmXOI+Iaqz
0NCtpZVVG26bHlHQvPtBe9mZD6GxT7pbl0Sd7s8egmp/rS21np88u35PnB5n+9QP
ORrOco7fk39QT1xPJPBaZwLT4EQt7/zv/6wudOWndS+Iyiu6k0n8FQlid5XXkPvO
7sO6qQyz4OfBxyFfjeMcQL9bN/5uCmrywsZJlUR5PjiQLV/7BN2u9U6WVtNQoHxW
tdlPJZ6QBRQffQGcVqbP3Mc4RZYe69iwlvXVb1BOvN+DQTl+SJ3j8FhysEUOdxfI
JFuSBdxeZPFY++4ubS9UFHuZiQFJf7IiGyiI/vrYb3M+KC7XInYp86EQe4PBs19e
/Ked/cumTX1RQhCTctqhYYLOLerYVLmPoJxPDtc6amKGp1nIN4k7xXdjByoZrkPM
LGE5r3e8q0lsWtOCrB1w
=o0Do
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: