
Bug#1036848: marked as done (qt6-base: CVE-2023-33285)



Your message dated Sun, 28 May 2023 09:05:26 +0000
with message-id <E1q3CL8-00HQVk-Nf@fasolo.debian.org>
and subject line Bug#1036848: fixed in qt6-base 6.4.2+dfsg-10
has caused the Debian Bug report #1036848,
regarding qt6-base: CVE-2023-33285
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1036848: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036848
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qt6-base
Version: 6.4.2+dfsg-9
Severity: important
Tags: security upstream
Forwarded: https://codereview.qt-project.org/c/qt/qtbase/+/477644
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for qt6-base.

CVE-2023-33285[0]:
| An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9,
| and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-
| read via a crafted reply from a DNS server.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33285
    https://www.cve.org/CVERecord?id=CVE-2023-33285
[1] https://codereview.qt-project.org/c/qt/qtbase/+/477644
[2] https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=commitdiff;h=7dba2c87619d558a61a30eb30cc1d9c3fe6df94c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: qt6-base
Source-Version: 6.4.2+dfsg-10
Done: Patrick Franz <deltaone@debian.org>

We believe that the bug you reported is fixed in the latest version of
qt6-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036848@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Franz <deltaone@debian.org> (supplier of updated qt6-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 28 May 2023 10:41:24 +0200
Source: qt6-base
Architecture: source
Version: 6.4.2+dfsg-10
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Patrick Franz <deltaone@debian.org>
Closes: 1036848
Changes:
 qt6-base (6.4.2+dfsg-10) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Add patch to fix CVE-2023-33285 (Closes: #1036848).


--- End Message ---
