Bug#783133: marked as done (qt4-x11: CVE-2015-1858 CVE-2015-1859 CVE-2015-1860)



Your message dated Sun, 03 May 2015 13:32:33 +0000
with message-id <E1You0X-00035l-CR@franck.debian.org>
and subject line Bug#783133: fixed in qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
has caused the Debian Bug report #783133,
regarding qt4-x11: CVE-2015-1858 CVE-2015-1859 CVE-2015-1860
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
783133: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783133
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qt4-x11
Version: 4:4.8.6+git64-g5dc8b2b+dfsg-3
Severity: normal
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for qt4-x11.

CVE-2015-1858[0]:
segmentation fault in qbmphandler.cpp

CVE-2015-1859[1]:
segmentation fault in qicohandler.cpp

CVE-2015-1860[2]:
segmentation fault in qgifhandler.cpp

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-1858
[1] https://security-tracker.debian.org/tracker/CVE-2015-1859
[2] https://security-tracker.debian.org/tracker/CVE-2015-1860
[3] http://lists.qt-project.org/pipermail/announce/2015-April/000067.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: qt4-x11
Source-Version: 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1

We believe that the bug you reported is fixed in the latest version of
qt4-x11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783133@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> (supplier of updated qt4-x11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 01 May 2015 16:35:39 -0300
Source: qt4-x11
Binary: qtcore4-l10n qt4-doc qt4-doc-html
Architecture: source all
Version: 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
Distribution: stable-proposed-updates
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Description:
 libqt4-assistant - transitional package for Qt 4 assistant module
 libqt4-core - transitional package for Qt 4 core non-GUI runtime libraries
 libqt4-dbg - Qt 4 library debugging symbols
 libqt4-dbus - Qt 4 D-Bus module
 libqt4-declarative - Qt 4 Declarative module
 libqt4-declarative-folderlistmodel - Qt 4 folderlistmodel QML plugin
 libqt4-declarative-gestures - Qt 4 gestures QML plugin
 libqt4-declarative-particles - Qt 4 particles QML plugin
 libqt4-declarative-shaders - Qt 4 shaders QML plugin
 libqt4-designer - Qt 4 designer module
 libqt4-designer-dbg - Qt 4 designer library debugging symbols
 libqt4-dev - Qt 4 development files
 libqt4-dev-bin - Qt 4 development programs
 libqt4-gui - transitional package for Qt 4 GUI runtime libraries
 libqt4-help - Qt 4 help module
 libqt4-network - Qt 4 network module
 libqt4-opengl - Qt 4 OpenGL module
 libqt4-opengl-dev - Qt 4 OpenGL library development files
 libqt4-phonon - Qt 4 Phonon module
 libqt4-private-dev - Qt 4 private development files
 libqt4-qt3support - Qt 3 compatibility library for Qt 4
 libqt4-qt3support-dbg - Qt 3 compatibility library for Qt 4 debugging symbols
 libqt4-script - Qt 4 script module
 libqt4-script-dbg - Qt 4 script library debugging symbols
 libqt4-scripttools - Qt 4 script tools module
 libqt4-sql - Qt 4 SQL module
 libqt4-sql-ibase - Qt 4 InterBase/FireBird database driver
 libqt4-sql-mysql - Qt 4 MySQL database driver
 libqt4-sql-odbc - Qt 4 ODBC database driver
 libqt4-sql-psql - Qt 4 PostgreSQL database driver
 libqt4-sql-sqlite - Qt 4 SQLite 3 database driver
 libqt4-sql-sqlite2 - Qt 4 SQLite 2 database driver
 libqt4-sql-tds - Qt 4 FreeTDS database driver
 libqt4-svg - Qt 4 SVG module
 libqt4-test - Qt 4 test module
 libqt4-webkit - transitional package for Qt 4 WebKit module
 libqt4-webkit-dbg - transitional package for Qt 4 WebKit debugging symbols
 libqt4-xml - Qt 4 XML module
 libqt4-xmlpatterns - Qt 4 XML patterns module
 libqt4-xmlpatterns-dbg - Qt 4 XML patterns library debugging symbols
 libqtcore4 - Qt 4 core module
 libqtdbus4 - Qt 4 D-Bus module library
 libqtgui4  - Qt 4 GUI module
 qdbus      - Qt 4 D-Bus tool
 qt4-bin-dbg - Qt 4 binaries debugging symbols
 qt4-default - Qt 4 development defaults package
 qt4-demos  - Qt 4 examples and demos
 qt4-demos-dbg - Qt 4 examples and demos debugging symbols
 qt4-designer - graphical designer for Qt 4 applications
 qt4-dev-tools - Qt 4 development tools
 qt4-doc    - Qt 4 API documentation
 qt4-doc-html - Qt 4 API documentation (HTML format)
 qt4-linguist-tools - Qt 4 Linguist tools
 qt4-qmake  - Qt 4 qmake Makefile generator tool
 qt4-qmlviewer - Qt 4 QML viewer
 qt4-qtconfig - Qt 4 configuration tool
 qtcore4-l10n - Qt 4 core module translations
Closes: 783133
Changes:
 qt4-x11 (4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1) stable-proposed-updates; urgency=medium
 .
   * Add fixes_crash_in_gif_image_decoder.patch and
     fixes_crash_in_bmp_and_ico_image_decoder.patch to fix CVE-2015-1858,
     CVE-2015-1859 and CVE-2015-1860 (Closes: #783133).

--- End Message ---
