Your message dated Wed, 14 Mar 2018 15:50:52 -0300 with message-id <2021727.dg2qGaEvQ5@tonks> and subject line Mark as done has caused the Debian Bug report #850954, regarding CVE-2016-10040 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
850954: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850954
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: CVE-2016-10040
- From: Moritz Muehlenhoff <jmm@debian.org>
- Date: Wed, 11 Jan 2017 16:44:48 +0100
- Message-id: <148414948834.6998.12223844074535114656.reportbug@hullmann.westfalen.local>
Source: qtbase-opensource-src
Severity: important
Tags: security

Hi QT maintainers,

there was the following report on QXmlSimpleReader:
http://www.openwall.com/lists/oss-security/2016/12/24/2

Which upstream later on labels as deprecated:
http://www.openwall.com/lists/oss-security/2017/01/09/1

There's probably not much we can do here, but I'd be interested in QT maintainers' opinion. Maybe the next QT upload should simply add a note to the changelog that it's unsupported.

Do we have any notable users of QXmlSimpleReader in stretch? Probably not.

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
- To: 850954-done@bugs.debian.org
- Subject: Mark as done
- From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
- Date: Wed, 14 Mar 2018 15:50:52 -0300
- Message-id: <2021727.dg2qGaEvQ5@tonks>
Version: 5.7.1+dfsg-3

I can't find any reference to this CVE being present in Qt 5. If it has ever been there it should have been solved in 5.5.

Marking as fixed in 5.7.1 (stable), but of course if someone can prove this is not valid please reopen. The code has changed quite a lot since 5.5 though...

--
"A computer is like an air conditioner. It stops working when you open windows."

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---