Bug#779580: marked as done (qtbase-opensource-src: CVE-2015-0295)

To: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Subject: Bug#779580: marked as done (qtbase-opensource-src: CVE-2015-0295)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 19 May 2015 22:21:13 +0000
Message-id: <[🔎] handler.779580.D779580.14320738424392.ackdone@bugs.debian.org>
References: <E1Yupp8-0008WK-1Y@franck.debian.org> <20150302065809.1630.65379.reportbug@m25s06.vlinux.de>

Your message dated Tue, 19 May 2015 22:17:18 +0000
with message-id <E1Yupp8-0008WK-1Y@franck.debian.org>
and subject line Bug#779580: fixed in qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
has caused the Debian Bug report #779580,
regarding qtbase-opensource-src: CVE-2015-0295
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779580: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779580
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: qt4-x11: CVE-2015-0295

From: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 02 Mar 2015 07:58:09 +0100

Message-id: <20150302065809.1630.65379.reportbug@m25s06.vlinux.de>
Package: qt4-x11
Severity: important
Tags: security
Justification: user security hole

Hi,
please see http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
for details and a patch.

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 779580-close@bugs.debian.org
Subject: Bug#779580: fixed in qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
From: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Date: Tue, 19 May 2015 22:17:18 +0000
Message-id: <E1Yupp8-0008WK-1Y@franck.debian.org>

Source: qtbase-opensource-src
Source-Version: 5.3.2+dfsg-4+deb8u1

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 779580@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> (supplier of updated qtbase-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 19 May 2015 13:56:37 -0300
Source: qtbase-opensource-src
Binary: libqt5core5a libqt5gui5 libqt5network5 libqt5opengl5 libqt5sql5 libqt5sql5-mysql libqt5sql5-odbc libqt5sql5-psql libqt5sql5-sqlite libqt5sql5-tds libqt5xml5 libqt5dbus5 libqt5test5 libqt5concurrent5 libqt5widgets5 libqt5printsupport5 qtbase5-dev qtbase5-private-dev libqt5opengl5-dev qtbase5-dev-tools qt5-qmake qtbase5-examples qtbase5-dbg qtbase5-dev-tools-dbg qtbase5-examples-dbg qt5-default qtbase5-doc-html
Architecture: source amd64 all
Version: 5.3.2+dfsg-4+deb8u1
Distribution: stable-proposed-updates
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Description:
 libqt5concurrent5 - Qt 5 concurrent module
 libqt5core5a - Qt 5 core module
 libqt5dbus5 - Qt 5 D-Bus module
 libqt5gui5 - Qt 5 GUI module
 libqt5network5 - Qt 5 network module
 libqt5opengl5 - Qt 5 OpenGL module
 libqt5opengl5-dev - Qt 5 OpenGL library development files
 libqt5printsupport5 - Qt 5 print support module
 libqt5sql5 - Qt 5 SQL module
 libqt5sql5-mysql - Qt 5 MySQL database driver
 libqt5sql5-odbc - Qt 5 ODBC database driver
 libqt5sql5-psql - Qt 5 PostgreSQL database driver
 libqt5sql5-sqlite - Qt 5 SQLite 3 database driver
 libqt5sql5-tds - Qt 5 FreeTDS database driver
 libqt5test5 - Qt 5 test module
 libqt5widgets5 - Qt 5 widgets module
 libqt5xml5 - Qt 5 XML module
 qt5-default - Qt 5 development defaults package
 qt5-qmake  - Qt 5 qmake Makefile generator tool
 qtbase5-dbg - Qt 5 base library debugging symbols
 qtbase5-dev - Qt 5 base development files
 qtbase5-dev-tools - Qt 5 base development programs
 qtbase5-dev-tools-dbg - Qt 5 base binaries debugging symbols
 qtbase5-doc-html - Qt 5 base HTML documentation
 qtbase5-examples - Qt 5 base examples
 qtbase5-examples-dbg - Qt 5 base examples debugging symbols
 qtbase5-private-dev - Qt 5 base private development files
Closes: 779580
Changes:
 qtbase-opensource-src (5.3.2+dfsg-4+deb8u1) stable-proposed-updates; urgency=medium
 .
   [ Dmitry Shachnev ]
   * Fix several DoS vulnerabilities in the image handlers.
     - CVE-2015-0295, CVE-2015-1858, CVE-2015-1859, CVE-2015-1860.
     - Closes: #779580.
Checksums-Sha1:
 d68f38271a93aa01b5a1f67ba3b5515557fdea69 4901 qtbase-opensource-src_5.3.2+dfsg-4+deb8u1.dsc
 07e9e95f0778355522587b1e1d92c07fe0bb3419 192392 qtbase-opensource-src_5.3.2+dfsg-4+deb8u1.debian.tar.xz
 de8e9941e48c3f32b323e184d9bcc4372f7c4ce2 1978154 libqt5core5a_5.3.2+dfsg-4+deb8u1_amd64.deb
 0dbe70202ef7e1ad84b30469b4e2cc32395e19e1 2193730 libqt5gui5_5.3.2+dfsg-4+deb8u1_amd64.deb
 c9ecfe9b1acfc73bcbefe89015973b9d06f08f7e 545942 libqt5network5_5.3.2+dfsg-4+deb8u1_amd64.deb
 4ec2e5759b9527355d585f65b01dd4fe7601014e 140570 libqt5opengl5_5.3.2+dfsg-4+deb8u1_amd64.deb
 117cf358474dcf46915dfeb4ec62740e3add2376 114184 libqt5sql5_5.3.2+dfsg-4+deb8u1_amd64.deb
 85b17ad4563d357bddbe6298898ff129626acc8d 47198 libqt5sql5-mysql_5.3.2+dfsg-4+deb8u1_amd64.deb
 fc2cb4afc68a966205915cbd905792e361a73756 57990 libqt5sql5-odbc_5.3.2+dfsg-4+deb8u1_amd64.deb
 65771c7731d8b2e0610f4b32b6f612186c5e417b 49682 libqt5sql5-psql_5.3.2+dfsg-4+deb8u1_amd64.deb
 1acaa342a5ecf917dd90e9fd7380cfedd005ec35 41658 libqt5sql5-sqlite_5.3.2+dfsg-4+deb8u1_amd64.deb
 46db7ff82cd346d71cb150f0f7c47a7ca6d9ad1f 42022 libqt5sql5-tds_5.3.2+dfsg-4+deb8u1_amd64.deb
 de8682b099c85f93d38f09a39047a741f6fa3ccf 103416 libqt5xml5_5.3.2+dfsg-4+deb8u1_amd64.deb
 78e4f1e6cb2b8f4c4b7b420e26e03b9b1fc0e0b5 191250 libqt5dbus5_5.3.2+dfsg-4+deb8u1_amd64.deb
 6e371f7d8b1b283ba8a483c52374240c76c1cd76 88016 libqt5test5_5.3.2+dfsg-4+deb8u1_amd64.deb
 e7d2d4aef2d7810a8d2b80580466312c9bbb657e 32894 libqt5concurrent5_5.3.2+dfsg-4+deb8u1_amd64.deb
 0f4ccfa41862afc09c513afb42cd7f4c258596a1 2287330 libqt5widgets5_5.3.2+dfsg-4+deb8u1_amd64.deb
 7a10e2138fb38f287c12123659f7ff1171815db7 184878 libqt5printsupport5_5.3.2+dfsg-4+deb8u1_amd64.deb
 3e670c04f28f4de469e8add6680c88c0160d1469 1541306 qtbase5-dev_5.3.2+dfsg-4+deb8u1_amd64.deb
 17e02698b491ac1b21600fe36a4ca8681cc59876 866130 qtbase5-private-dev_5.3.2+dfsg-4+deb8u1_amd64.deb
 e7de67b01207fa65631eb6de23f011934683cb35 38122 libqt5opengl5-dev_5.3.2+dfsg-4+deb8u1_amd64.deb
 175018ec6e1faf80cf0dda0d0e6559969801eaa8 1108304 qtbase5-dev-tools_5.3.2+dfsg-4+deb8u1_amd64.deb
 00b080aebc99f61fae7b120f5aaf756dd56c5b61 1228724 qt5-qmake_5.3.2+dfsg-4+deb8u1_amd64.deb
 09f09bca8178a4ef3c72d93d4c554f78f5ff42e5 4518218 qtbase5-examples_5.3.2+dfsg-4+deb8u1_amd64.deb
 c88db89c95e4ec49d9f12bba8c59b60059d859c8 122493190 qtbase5-dbg_5.3.2+dfsg-4+deb8u1_amd64.deb
 d091980a7344520057c71ce9284e7f2d2e626213 28131300 qtbase5-dev-tools-dbg_5.3.2+dfsg-4+deb8u1_amd64.deb
 96d992ce283417a5ef2f37dd850aa7edcbf50342 89451010 qtbase5-examples-dbg_5.3.2+dfsg-4+deb8u1_amd64.deb
 c3815c065260b2f50bb540c4782ff8acdeb66a43 24738 qt5-default_5.3.2+dfsg-4+deb8u1_amd64.deb
 8fb6d64b9597f843dc53f1a5f33838120c5296df 22440220 qtbase5-doc-html_5.3.2+dfsg-4+deb8u1_all.deb
Checksums-Sha256:
 851e4c0206f81e291220f46f046056e9b17bb02c67b5d7e96e4eb2a1f7b1e0d8 4901 qtbase-opensource-src_5.3.2+dfsg-4+deb8u1.dsc
 b151b1fb1873f9655df1e2159f72f64d6c8a8565d71e15229e6bac8f91ab1a74 192392 qtbase-opensource-src_5.3.2+dfsg-4+deb8u1.debian.tar.xz
 69683b0288ae507673f7cb6846131787c7a1893d8c3c8c31df2e74cf1b2ba446 1978154 libqt5core5a_5.3.2+dfsg-4+deb8u1_amd64.deb
 f0214c7007ee1d9c28806782bcf703e3758ad7371627c62b5044bc40840d398f 2193730 libqt5gui5_5.3.2+dfsg-4+deb8u1_amd64.deb
 947b8eb7f814314ffe8e813838ca06b9c19035b0ef01838a54876f43c5ef9927 545942 libqt5network5_5.3.2+dfsg-4+deb8u1_amd64.deb
 8ea8f9867bb7c56eaa537bdf5d2638da046f971e6ada0643221f03cbc52bfb01 140570 libqt5opengl5_5.3.2+dfsg-4+deb8u1_amd64.deb
 b1ef18e709148aa5d76513419187aa77e1832238004c972309ad5d2de25bfedc 114184 libqt5sql5_5.3.2+dfsg-4+deb8u1_amd64.deb
 d9029d5b0e18f04e5cef8950ed36908aee133139969c2074ad03bdf968e02a1c 47198 libqt5sql5-mysql_5.3.2+dfsg-4+deb8u1_amd64.deb
 274d8f28895159b2c683236072753d8036bed06701b71971b633b43d29d68335 57990 libqt5sql5-odbc_5.3.2+dfsg-4+deb8u1_amd64.deb
 ed626d04beef2ab47cc26682b9f8707d007d6e513b0ef8718da91410cc295687 49682 libqt5sql5-psql_5.3.2+dfsg-4+deb8u1_amd64.deb
 d6f80f63e2cc4e4c92396e4442588dcee58eb97e3ca267a8931910ec858cef7a 41658 libqt5sql5-sqlite_5.3.2+dfsg-4+deb8u1_amd64.deb
 7b72febf92ec66058fda3766615601f2c9211d8959c563021032f487821831a2 42022 libqt5sql5-tds_5.3.2+dfsg-4+deb8u1_amd64.deb
 bf6ae19c2b019310164d2d5eeb34260604d21d4e20a7123666f04d373a066fe7 103416 libqt5xml5_5.3.2+dfsg-4+deb8u1_amd64.deb
 80e90a7325c8b1ddfc82f0b22fb55e0e25b7754e11178ddb856819f3f5fcf610 191250 libqt5dbus5_5.3.2+dfsg-4+deb8u1_amd64.deb
 76ac0e0bb649b71a1e65f2edda272e18425af5475c5834f837c8a13c4911a42e 88016 libqt5test5_5.3.2+dfsg-4+deb8u1_amd64.deb
 b3aa73a4fa1a5aad8d0e08ef605feeb8d1ae15de2c8e4c0ead4ce93769ec01ad 32894 libqt5concurrent5_5.3.2+dfsg-4+deb8u1_amd64.deb
 ba9990b929443539efbeea0a3f714b21d14824877dc4b4829df5ce4168d105d1 2287330 libqt5widgets5_5.3.2+dfsg-4+deb8u1_amd64.deb
 8a5966e57369cb2db1236ed70a2e55668034a4de4e79f5ad8e136efd2f107217 184878 libqt5printsupport5_5.3.2+dfsg-4+deb8u1_amd64.deb
 2215f4bddbae6f3019aace73de634e20dff04bdc041cdcbf1dede0629a7b9298 1541306 qtbase5-dev_5.3.2+dfsg-4+deb8u1_amd64.deb
 06d09f8aaf8e90f3ac279428ddc52463c58f3ea6c052b466be366398b5aebe57 866130 qtbase5-private-dev_5.3.2+dfsg-4+deb8u1_amd64.deb
 5cd17183c40ea4698bb6d27dab5e0a1de18448fbab9df6ad419f39af55d7be28 38122 libqt5opengl5-dev_5.3.2+dfsg-4+deb8u1_amd64.deb
 07b9e21fa3cf25a7038a4d10c55227e4a73efe772f1e25616bc9d3411c2fc7d7 1108304 qtbase5-dev-tools_5.3.2+dfsg-4+deb8u1_amd64.deb
 51c8eafb469837ccaf38bd894ba6640727c82f7e17689d88a0ea9ec95a14c8c7 1228724 qt5-qmake_5.3.2+dfsg-4+deb8u1_amd64.deb
 e37d0f65777046b536bcfc195e99af788dc602363adab4f92a9ff1e5433e8f28 4518218 qtbase5-examples_5.3.2+dfsg-4+deb8u1_amd64.deb
 c92ce22e128f39a247b5f2d202b9c1e102767795dc237d76b218f86610b3a473 122493190 qtbase5-dbg_5.3.2+dfsg-4+deb8u1_amd64.deb
 e8418a11b67c2a7d267fc0012fe17dc3730cb91f431ac235392ff94f38988024 28131300 qtbase5-dev-tools-dbg_5.3.2+dfsg-4+deb8u1_amd64.deb
 365e2240106b5961685dc134747c33c8e12ced322931dc6e8b07def70571bb94 89451010 qtbase5-examples-dbg_5.3.2+dfsg-4+deb8u1_amd64.deb
 cf2d9c51fb458d3475e8923574c05b06894ea8f947d0ff31b74d0f9027d4b9b1 24738 qt5-default_5.3.2+dfsg-4+deb8u1_amd64.deb
 bed9be79456405dffd988d2b4e1b232ac21e6c195c6c0b7a2d068ca54d39dd9f 22440220 qtbase5-doc-html_5.3.2+dfsg-4+deb8u1_all.deb
Files:
 8d3acb3998b1812ebfda1f0522260b50 4901 libs optional qtbase-opensource-src_5.3.2+dfsg-4+deb8u1.dsc
 3ffb26fed5c5d91ee0dd128e27ef7d85 192392 libs optional qtbase-opensource-src_5.3.2+dfsg-4+deb8u1.debian.tar.xz
 aa2e7aaf32955a133abb8527f4161859 1978154 libs optional libqt5core5a_5.3.2+dfsg-4+deb8u1_amd64.deb
 a6c37bd2c51840e401c719640f71ce36 2193730 libs optional libqt5gui5_5.3.2+dfsg-4+deb8u1_amd64.deb
 9e9e60d85e48706c6f3406c0e204bcb8 545942 libs optional libqt5network5_5.3.2+dfsg-4+deb8u1_amd64.deb
 027862f6bdce7c84c44dbed4809cc042 140570 libs optional libqt5opengl5_5.3.2+dfsg-4+deb8u1_amd64.deb
 45ad8bd2f8d7254e40b550a1e46fda17 114184 libs optional libqt5sql5_5.3.2+dfsg-4+deb8u1_amd64.deb
 fee38981e0886ea2a67802efb190c103 47198 libs optional libqt5sql5-mysql_5.3.2+dfsg-4+deb8u1_amd64.deb
 5618373c5506592dfa2150f1db35e9ec 57990 libs optional libqt5sql5-odbc_5.3.2+dfsg-4+deb8u1_amd64.deb
 4b7feb309b17b0d608903486cbba034b 49682 libs optional libqt5sql5-psql_5.3.2+dfsg-4+deb8u1_amd64.deb
 5a45483ad22cf0f9b3d01372b7387a30 41658 libs optional libqt5sql5-sqlite_5.3.2+dfsg-4+deb8u1_amd64.deb
 b2a7ff8ee029c13be1c6b0460f7ccccd 42022 libs optional libqt5sql5-tds_5.3.2+dfsg-4+deb8u1_amd64.deb
 2cfec85d664f94fff51b3fd201b91dcd 103416 libs optional libqt5xml5_5.3.2+dfsg-4+deb8u1_amd64.deb
 0cc17aff767e5d272e0ce6be79ee61f6 191250 libs optional libqt5dbus5_5.3.2+dfsg-4+deb8u1_amd64.deb
 236204ee72c7641dda6a1a051e121fd5 88016 libs optional libqt5test5_5.3.2+dfsg-4+deb8u1_amd64.deb
 bca91dfeb9da16bd5b3372e1eb7ab5b1 32894 libs optional libqt5concurrent5_5.3.2+dfsg-4+deb8u1_amd64.deb
 571ca37b8839f83b775a7eeac9347833 2287330 libs optional libqt5widgets5_5.3.2+dfsg-4+deb8u1_amd64.deb
 f753966980f96a0ca312314b5bf6b420 184878 libs optional libqt5printsupport5_5.3.2+dfsg-4+deb8u1_amd64.deb
 626b2883e3935ed338abbdb36fd1af69 1541306 libdevel optional qtbase5-dev_5.3.2+dfsg-4+deb8u1_amd64.deb
 000d0d40cf75872a4a1607a44a32bf5e 866130 libdevel optional qtbase5-private-dev_5.3.2+dfsg-4+deb8u1_amd64.deb
 8fc52a20429c471e09ed754c1e7fe00d 38122 libdevel optional libqt5opengl5-dev_5.3.2+dfsg-4+deb8u1_amd64.deb
 a3aeb726bcccba483de555055faa2e55 1108304 devel optional qtbase5-dev-tools_5.3.2+dfsg-4+deb8u1_amd64.deb
 af1857fc782a7989523f8a689cd7ef10 1228724 devel optional qt5-qmake_5.3.2+dfsg-4+deb8u1_amd64.deb
 3d00b9cc3fd74ee697bf567070df0be0 4518218 x11 optional qtbase5-examples_5.3.2+dfsg-4+deb8u1_amd64.deb
 50d83b59f3c6613f8a94789594e10894 122493190 debug extra qtbase5-dbg_5.3.2+dfsg-4+deb8u1_amd64.deb
 5d8b2ea0580685481bfdcb8a194dce99 28131300 debug extra qtbase5-dev-tools-dbg_5.3.2+dfsg-4+deb8u1_amd64.deb
 32b459b424ace375616c9cff2f29f2ee 89451010 debug extra qtbase5-examples-dbg_5.3.2+dfsg-4+deb8u1_amd64.deb
 6fb1fafb7ba6f95b893510f3f00f78da 24738 libs optional qt5-default_5.3.2+dfsg-4+deb8u1_amd64.deb
 a6d20461034e742f5633848be80208e6 22440220 doc extra qtbase5-doc-html_5.3.2+dfsg-4+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVW35zAAoJEKtkX0BihqfQvbgP/ArM9UkP8vG0EPDvkpbDiCTw
dKUKr4BXm5yq3puDVQzi+ywYbtqWFSsgqWRoVDZdEtXC9oShGuIcCqKvPNpl7Yfy
ylDrfzu17NfeCnUQwQdve6fI8HxhcpKRd2eQ4Acka62/TzUJzrsgHCQXfG1gAwRT
hW+YPCvO2uyTOUxSO4njVhFwU2P5djXQHAZWMzUSfkG8iO+TUZFYaFB+y++Bhaum
AfGZmVoHES+UffV79ZPqBmJe4p9F8BF1uH2BrgGZ17zDOeeYJ6Hrg3cQTTfWwOb3
5GrkhAmkCFHNuvaDTlk3mAzbUlruOAf0G4qBMHI383D+ugFuzbedSIjUy5KqyhUE
PZZGwCL/NBelv/xTLupSb0kkMYncTiDotEgIg+tglD16LwC0H0V4f51yV1bxaIT4
HML0x+uib2lwWk3J/GYtzVj1e5tyxq+BCecwnqvh1Ut1NEO+3fWB8fA65wbJjG7P
ATFiATiIXcN3XBWr8UjT2+MO4TTWYi5WixlIok/O/M8/20/osAPnt8p3EYYevTUC
2v5LQOR6AYDBVj4UL/8RfNI5bzBI/oT36N7ofpRG5VOoz102t7RAMat29VBhFLhe
8raNoKlLdjBJD4wEbMsqdsbcIZ2NdCh5G6eGKVGK6PJM7pga8CuNvvdRoEzbwtpL
HUHm47FxU0bwk/eyxLXG
=sKlH
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: qtbase-opensource-src_5.3.2+dfsg-4+deb8u1~bpo70+1_amd64.changes ACCEPTED into wheezy-backports->backports-policy
Next by Date: qtbase-opensource-src_5.3.2+dfsg-4+deb8u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Previous by thread: qtbase-opensource-src_5.3.2+dfsg-4+deb8u1~bpo70+1_amd64.changes ACCEPTED into wheezy-backports->backports-policy
Next by thread: qtbase-opensource-src_5.3.2+dfsg-4+deb8u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Index(es):
- Date
- Thread