Bug#779580: marked as done (qtbase-opensource-src: CVE-2015-0295)

To: Dmitry Shachnev <mitya57@debian.org>
Subject: Bug#779580: marked as done (qtbase-opensource-src: CVE-2015-0295)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 03 Mar 2015 10:24:06 +0000
Message-id: <[🔎] handler.779580.D779580.142537810925936.ackdone@bugs.debian.org>
References: <E1YSjxR-0004i8-4h@franck.debian.org> <[🔎] 20150302065809.1630.65379.reportbug@m25s06.vlinux.de>

Your message dated Tue, 03 Mar 2015 10:21:45 +0000
with message-id <E1YSjxR-0004i8-4h@franck.debian.org>
and subject line Bug#779580: fixed in qtbase-opensource-src 5.4.1+dfsg-2
has caused the Debian Bug report #779580,
regarding qtbase-opensource-src: CVE-2015-0295
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779580: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779580
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: qt4-x11: CVE-2015-0295

From: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 02 Mar 2015 07:58:09 +0100

Message-id: <[🔎] 20150302065809.1630.65379.reportbug@m25s06.vlinux.de>
Package: qt4-x11
Severity: important
Tags: security
Justification: user security hole

Hi,
please see http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
for details and a patch.

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 779580-close@bugs.debian.org
Subject: Bug#779580: fixed in qtbase-opensource-src 5.4.1+dfsg-2
From: Dmitry Shachnev <mitya57@debian.org>
Date: Tue, 03 Mar 2015 10:21:45 +0000
Message-id: <E1YSjxR-0004i8-4h@franck.debian.org>

Source: qtbase-opensource-src
Source-Version: 5.4.1+dfsg-2

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 779580@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 03 Mar 2015 10:29:07 +0300
Source: qtbase-opensource-src
Binary: libqt5core5a libqt5gui5 libqt5network5 libqt5opengl5 libqt5sql5 libqt5sql5-mysql libqt5sql5-odbc libqt5sql5-psql libqt5sql5-sqlite libqt5sql5-tds libqt5xml5 libqt5dbus5 libqt5test5 libqt5concurrent5 libqt5widgets5 libqt5printsupport5 qtbase5-dev qtbase5-private-dev libqt5opengl5-dev qtbase5-dev-tools qt5-qmake qtbase5-examples qtbase5-dbg qtbase5-dev-tools-dbg qtbase5-examples-dbg qt5-default qtbase5-doc-html
Architecture: source all
Version: 5.4.1+dfsg-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Description:
 libqt5concurrent5 - Qt 5 concurrent module
 libqt5core5a - Qt 5 core module
 libqt5dbus5 - Qt 5 D-Bus module
 libqt5gui5 - Qt 5 GUI module
 libqt5network5 - Qt 5 network module
 libqt5opengl5 - Qt 5 OpenGL module
 libqt5opengl5-dev - Qt 5 OpenGL library development files
 libqt5printsupport5 - Qt 5 print support module
 libqt5sql5 - Qt 5 SQL module
 libqt5sql5-mysql - Qt 5 MySQL database driver
 libqt5sql5-odbc - Qt 5 ODBC database driver
 libqt5sql5-psql - Qt 5 PostgreSQL database driver
 libqt5sql5-sqlite - Qt 5 SQLite 3 database driver
 libqt5sql5-tds - Qt 5 FreeTDS database driver
 libqt5test5 - Qt 5 test module
 libqt5widgets5 - Qt 5 widgets module
 libqt5xml5 - Qt 5 XML module
 qt5-default - Qt 5 development defaults package
 qt5-qmake  - Qt 5 qmake Makefile generator tool
 qtbase5-dbg - Qt 5 base library debugging symbols
 qtbase5-dev - Qt 5 base development files
 qtbase5-dev-tools - Qt 5 base development programs
 qtbase5-dev-tools-dbg - Qt 5 base binaries debugging symbols
 qtbase5-doc-html - Qt 5 base HTML documentation
 qtbase5-examples - Qt 5 base examples
 qtbase5-examples-dbg - Qt 5 base examples debugging symbols
 qtbase5-private-dev - Qt 5 base private development files
Closes: 779580
Changes:
 qtbase-opensource-src (5.4.1+dfsg-2) experimental; urgency=medium
 .
   * mark_private_symbols.sh: Strip trailing colon from symbols names.
   * Symbols files:
     - Update from buildds’ logs.
     - Mark symbols missing with GCC 5 as optional.
     - Update for the above mark_private_symbols.sh change.
   * Drop obsolete override_dh_makeshlibs code, no longer needed.
     Just use dh_makeshlibs -V instead.
   * Fix CVE-2015-0295 vulnerability in BMP parser (closes: #779580).
Checksums-Sha1:
 e51c45584c5af432ab143fcc61cc3dd4c139e556 4866 qtbase-opensource-src_5.4.1+dfsg-2.dsc
 c6ce392c1a4d3e8d7818101a277edb9a51a7dce0 190536 qtbase-opensource-src_5.4.1+dfsg-2.debian.tar.xz
 3f4c33b0de49ef6cab419f48ae4b4674d3f6fdcc 21695294 qtbase5-doc-html_5.4.1+dfsg-2_all.deb
Checksums-Sha256:
 e00674ab0a013f75e77c417ddf93da6a139c4aca5018b4a5941a8486c96c80a2 4866 qtbase-opensource-src_5.4.1+dfsg-2.dsc
 0343bd63a586e905b6758778bd069eb68f5048c1aea0301019fd344dbfd83fb8 190536 qtbase-opensource-src_5.4.1+dfsg-2.debian.tar.xz
 abbf13cca3ef94112406741302364d3c5c3ab4a6b90950dd22111588f548276d 21695294 qtbase5-doc-html_5.4.1+dfsg-2_all.deb
Files:
 4bfae2de29cee706853ed94554db3f6d 4866 libs optional qtbase-opensource-src_5.4.1+dfsg-2.dsc
 a08914fd5fb518c9a68cb440866950e4 190536 libs optional qtbase-opensource-src_5.4.1+dfsg-2.debian.tar.xz
 a3c7d624b016d377cfda2ac9d0208b66 21695294 doc extra qtbase5-doc-html_5.4.1+dfsg-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJU9YeyAAoJENb+cQNj+F3TwboP+wffAew4M0yGkoD3ooHjpdUC
rmC4Brkqo/ZoUYSRgvMieYkJL8qnZrqFBI/h7RUjBX/ezpIJEfb8K11t0SXjiINx
AqsmfedSpVXp4V8qKG6alkBbtZF6IBw24fswy12GhhkCk5OTk+IEkKf7TUElFy8f
OoBRw3UFEn57Et3LdHDZ7Td38B+VuzYHo9ovYoTc+CspR1XklD1sfjT5W7EVvUHL
OvAKCTv4yQJxfmxoSrLMGXkQDH2cCc5Bu95HwRM/bw+kyTJ632FGh59y2iNlYijb
Wa8jadzRIo+0yasCYIV/LJkCqnXossyVve7dZS+6JJMp1RgX1h2jiH8jnzfis8Rb
Dfn7U1sim6TworuDnUKVvSdPXLHlPEOey55YVhrREHGjvtxdLqtGymS4+tLJVVmI
iWlOkFVFVzXSb0ODwmG2o0TdipdFtawit9zRMdmhd8v58Kf6LxL19UIqHuqS77LL
sDdAZx6kAcy9M7U4maNND2KQaYYjTT+mq1Ov4S+BCxM/C0vcYAkYyu2OhwRlXVu8
gda/ahstIrMLyLUw4zgfQMvIRjqZ/7U7Ufhp420uscuulWyGIeYRL/RO1HpusRfk
M5U1thLSSxJY2kh+rizRH5jkATN+G5jAFV3fsO1jxWJV8qRNbYdgj3pWPR7K4+YV
PdEJYrm3YN58MXydV4OE
=h+7O
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#779550: qt4-x11: CVE-2015-0295
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: Bug#766462: with plymouth installed, I don't get any gettys on my VCs
Next by Date: Processing of qtbase-opensource-src_5.4.1+dfsg-2_amd64.changes
Previous by thread: Bug#779550: marked as done (qt4-x11: CVE-2015-0295)
Next by thread: Processing of qtscript-opensource-src_5.4.1+dfsg-3_amd64.changes
Index(es):
- Date
- Thread