
Bug#923003: marked as done (CVE-2018-19873 CVE-2018-19871 CVE-2018-19870)



Your message dated Fri, 12 Apr 2019 20:40:09 +0000
with message-id <E1hF2y1-000C6V-2S@fasolo.debian.org>
and subject line Bug#923003: fixed in qt4-x11 4:4.8.7+dfsg-18
has caused the Debian Bug report #923003,
regarding CVE-2018-19873 CVE-2018-19871 CVE-2018-19870
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
923003: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923003
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qt4-x11
Severity: grave
Tags: security

Three security issues fixed in QT5 also affect qt4-x11:
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/

CVE-2018-19873:
https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8

CVE-2018-19871:
https://github.com/qt/qtimageformats/commit/7cfe47a8fe2f987fb2a066a696fb3d9d0afe4d65
(qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp)

CVE-2018-19870:
https://github.com/qt/qtbase/commit/2841e2b61e32f26900bde987d469c8b97ea31999
(qt4-x11 affected in src/gui/image/qgifhandler.cpp)

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: qt4-x11
Source-Version: 4:4.8.7+dfsg-18

We believe that the bug you reported is fixed in the latest version of
qt4-x11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 923003@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qt4-x11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Apr 2019 23:10:28 +0300
Source: qt4-x11
Architecture: source
Version: 4:4.8.7+dfsg-18
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 923003
Changes:
 qt4-x11 (4:4.8.7+dfsg-18) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Edward Betts ]
   * debian/NEWS: Replace UNRELEASED with unstable.
 .
   [ Alexander Volkov ]
   * Backport some vulnerability fixes from Qt 5 (closes: #923003).
     - CVE-2018-15518: double free or corruption in QXmlStreamReader.
     - CVE-2018-19869: Qt Svg crash when parsing malformed url reference.
     - CVE-2018-19870: NULL pointer dereference in QGifHandler.
     - CVE-2018-19871: QTgaFile CPU exhaustion.
     - CVE-2018-19872: crash when parsing a malformed PPM image.
     - CVE-2018-19873: QBmpHandler segfault on malformed BMP file.


--- End Message ---