
Bug#1037210: marked as done (qtbase-opensource-src: CVE-2023-34410)

Your message dated Thu, 08 Jun 2023 08:20:48 +0000
with message-id <E1q7Asy-00GsxL-Fr@fasolo.debian.org>
and subject line Bug#1037210: fixed in qtbase-opensource-src 5.15.8+dfsg-12
has caused the Debian Bug report #1037210,
regarding qtbase-opensource-src: CVE-2023-34410
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

-- 
1037210: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037210
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qt6-base
Version: 6.4.2+dfsg-10
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:qtbase-opensource-src 5.15.8+dfsg-11
Control: retitle -2 qtbase-opensource-src: CVE-2023-34410

Hi,

The following vulnerability was published for Qt.

CVE-2023-34410[0]:
| An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and
| 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS
| does not always consider whether the root of a chain is a configured
| CA certificate.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34410
    https://www.cve.org/CVERecord?id=CVE-2023-34410

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-0-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_DIE, TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: qtbase-opensource-src
Source-Version: 5.15.8+dfsg-12
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037210@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Jun 2023 10:37:43 +0300
Source: qtbase-opensource-src
Architecture: source
Version: 5.15.8+dfsg-12
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1037210
Changes:
 qtbase-opensource-src (5.15.8+dfsg-12) unstable; urgency=medium
 .
   * Backport upstream patch to fix CVE-2023-34410 (closes: #1037210).
     - Note: this is the second patch related to that CVE; the first one
       is for Schannel code which is Windows-only, so we don't need it.
Checksums-Sha1:
 5806989925f45ea962d085a7da59fffe8f136c7c 5434 qtbase-opensource-src_5.15.8+dfsg-12.dsc
 f8d938ece8445566c6a7c3ef6428bedd364f2432 233784 qtbase-opensource-src_5.15.8+dfsg-12.debian.tar.xz
 6aa3fb6274ee8a14b76987cec3332f6afd3ff81c 15635 qtbase-opensource-src_5.15.8+dfsg-12_source.buildinfo
Checksums-Sha256:
 2f32774e57828eb4758b7db4cf3731361beaa2d8ed55c352b225fe913455f8d7 5434 qtbase-opensource-src_5.15.8+dfsg-12.dsc
 ff876529d20edb9b9f92af16b291e18602beb6d0382ae0f7f81ab4fdcbe8a697 233784 qtbase-opensource-src_5.15.8+dfsg-12.debian.tar.xz
 2ca3c1291021f90a6366f8cd4819e2bb2f7762c66bcf8710145ccae16f12b5ab 15635 qtbase-opensource-src_5.15.8+dfsg-12_source.buildinfo
Files:
 42c0bc66cdd70620317a6a3cf0045ce5 5434 libs optional qtbase-opensource-src_5.15.8+dfsg-12.dsc
 0104de63fe4035ed1ee98f70f39f51b7 233784 libs optional qtbase-opensource-src_5.15.8+dfsg-12.debian.tar.xz
 c1bf10b17a634367bd6dc1f90e1d045f 15635 libs optional qtbase-opensource-src_5.15.8+dfsg-12_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---