
Bug#986798: marked as done (CVE-2021-3481)



Your message dated Mon, 12 Apr 2021 18:19:14 +0000
with message-id <E1lW19W-0009oM-48@fasolo.debian.org>
and subject line Bug#986798: fixed in qtsvg-opensource-src 5.15.2-3
has caused the Debian Bug report #986798,
regarding CVE-2021-3481
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
986798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986798
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qtsvg-opensource-src
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

This was assigned CVE-2021-3481:
https://bugreports.qt.io/browse/QTBUG-91507
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668

https://codereview.qt-project.org/c/qt/qtsvg/+/337587
https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=bfd6ee0d8cf34b63d32adf10ed93daa0086b359f

Cheers,
        Moritz	

--- End Message ---
--- Begin Message ---
Source: qtsvg-opensource-src
Source-Version: 5.15.2-3
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtsvg-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986798@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtsvg-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 Apr 2021 20:58:31 +0300
Source: qtsvg-opensource-src
Architecture: source
Version: 5.15.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 986798
Changes:
 qtsvg-opensource-src (5.15.2-3) unstable; urgency=medium
 .
   * Backport upstream commits to fix out of bounds read in QRadialFetchSimd
     function (CVE-2021-3481, closes: #986798).
   * Update debian/watch to track only 5.15.x releases.


--- End Message ---
