
Bug#1041106: marked as done (qtbase-opensource-src-gles: CVE-2023-38197)



Your message dated Tue, 14 Nov 2023 11:25:20 +0000
with message-id <E1r2rXk-00Fnvf-Jd@fasolo.debian.org>
and subject line Bug#1041106: fixed in qtbase-opensource-src-gles 5.15.10+dfsg-3
has caused the Debian Bug report #1041106,
regarding qtbase-opensource-src-gles: CVE-2023-38197
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1041106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041106
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qtbase-opensource-src-gles
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtbase-opensource-src-gles.

CVE-2023-38197[0]:
| An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and
| 6.3.x through 6.5.x before 6.5.3. There are infinite loops in
| recursive entity expansion.

https://codereview.qt-project.org/c/qt/qtbase/+/488960
 

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38197
    https://www.cve.org/CVERecord?id=CVE-2023-38197

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: qtbase-opensource-src-gles
Source-Version: 5.15.10+dfsg-3
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src-gles, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1041106@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src-gles package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 14 Nov 2023 13:52:43 +0300
Source: qtbase-opensource-src-gles
Architecture: source
Version: 5.15.10+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1041106 1049198 1054700
Changes:
 qtbase-opensource-src-gles (5.15.10+dfsg-3) unstable; urgency=medium
 .
   * Merge qtbase-opensource-src 5.15.10+dfsg-5 upload.
     - Fixes CVE-2023-38197 (closes: #1041106).
     - Fixes FTBFS with libxkbcommon 1.6.0 (closes: #1054700).
     - Fixes FTBFS after successful build (closes: #1049198).

--- End Message ---
