
Bug#968444: marked as done (qtbase-opensource-src: CVE-2020-17507)



Your message dated Wed, 19 Aug 2020 18:11:46 +0000
with message-id <E1k8SYs-0007l8-E8@fasolo.debian.org>
and subject line Bug#968444: fixed in qtbase-opensource-src 5.14.2+dfsg-6
has caused the Debian Bug report #968444,
regarding qtbase-opensource-src: CVE-2020-17507
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
968444: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968444
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qtbase-opensource-src
Version: 5.14.2+dfsg-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 5.14.2+dfsg-4
Control: found -1 5.11.3+dfsg1-1+deb10u3
Control: found -1 5.11.3+dfsg1-1

Hi,

The following vulnerability was published for qtbase-opensource-src.

CVE-2020-17507[0]:
| An issue was discovered in Qt through 5.12.9, and 5.13.x through
| 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a
| buffer over-read.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-17507
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507
[1] https://codereview.qt-project.org/c/qt/qtbase/+/308436
[2] https://codereview.qt-project.org/c/qt/qtbase/+/308495
[3] https://codereview.qt-project.org/c/qt/qtbase/+/308496

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: qtbase-opensource-src
Source-Version: 5.14.2+dfsg-6
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 968444@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Aug 2020 20:40:32 +0300
Source: qtbase-opensource-src
Architecture: source
Version: 5.14.2+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 968444
Changes:
 qtbase-opensource-src (5.14.2+dfsg-6) unstable; urgency=medium
 .
   * Backport upstream patch to fix buffer overflow in XBM parser
     (CVE-2020-17507, closes: #968444).
   * Backport upstream patch to handle SSL_shutdown's errors properly
     (CVE-2020-13962).
   * Update symbols files from buildds’ logs.


--- End Message ---
