Your message dated Sun, 11 Feb 2024 19:27:43 +0000 with message-id <E1rZFUN-007pm5-82@fasolo.debian.org> and subject line Bug#1060695: fixed in qtbase-opensource-src-gles 5.15.10+dfsg-4 has caused the Debian Bug report #1060695, regarding qtbase-opensource-src-gles: CVE-2023-51714 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1060695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060695 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: qtbase-opensource-src-gles: CVE-2023-51714
- From: Moritz Mühlenhoff <jmm@inutil.org>
- Date: Fri, 12 Jan 2024 23:12:34 +0100
- Message-id: <ZaG5Ug9bKylpUx6d@pisco.westfalen.local>
Source: qtbase-opensource-src-gles X-Debbugs-CC: team@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src-gles. CVE-2023-51714[0]: | An issue was discovered in the HTTP2 implementation in Qt before | 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and | 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an | incorrect HPack integer overflow check. https://codereview.qt-project.org/c/qt/qtbase/+/524864 https://codereview.qt-project.org/c/qt/qtbase/+/524865/3 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-51714 https://www.cve.org/CVERecord?id=CVE-2023-51714 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
- To: 1060695-close@bugs.debian.org
- Subject: Bug#1060695: fixed in qtbase-opensource-src-gles 5.15.10+dfsg-4
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 11 Feb 2024 19:27:43 +0000
- Message-id: <E1rZFUN-007pm5-82@fasolo.debian.org>
- Reply-to: Dmitry Shachnev <mitya57@debian.org>
Source: qtbase-opensource-src-gles Source-Version: 5.15.10+dfsg-4 Done: Dmitry Shachnev <mitya57@debian.org> We believe that the bug you reported is fixed in the latest version of qtbase-opensource-src-gles, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1060695@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src-gles package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 11 Feb 2024 21:44:36 +0300 Source: qtbase-opensource-src-gles Architecture: source Version: 5.15.10+dfsg-4 Distribution: unstable Urgency: medium Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Changed-By: Dmitry Shachnev <mitya57@debian.org> Closes: 1060695 Changes: qtbase-opensource-src-gles (5.15.10+dfsg-4) unstable; urgency=medium . * Merge qtbase-opensource-src 5.15.10+dfsg-6 upload. - Fixes CVE-2023-51714 (closes: #1060695). Checksums-Sha1: 44484e974cab7459e400ff3139c17ef5350e7826 3683 qtbase-opensource-src-gles_5.15.10+dfsg-4.dsc 899d22eef5d97d7eb61699e57a619420c4deedb8 138964 qtbase-opensource-src-gles_5.15.10+dfsg-4.debian.tar.xz 644a11360da38e7a9bfd135a0dd00ef7697eaae5 17007 qtbase-opensource-src-gles_5.15.10+dfsg-4_source.buildinfo Checksums-Sha256: da81916d7da1e4fb07e183b235af09f5dab927e8e231ba49533f0af5efd93a88 3683 qtbase-opensource-src-gles_5.15.10+dfsg-4.dsc 0414c07fb64ee82082cc137cb87b1c41f37ecd3320fc89e266049f8f08bfa3ee 138964 qtbase-opensource-src-gles_5.15.10+dfsg-4.debian.tar.xz 754ddede56d0a77228518de5e6ac2c8a8c576de04b4b629dc404b6e23b803097 17007 qtbase-opensource-src-gles_5.15.10+dfsg-4_source.buildinfo Files: 4d682a89be7120a07d359914290dc859 3683 libs optional qtbase-opensource-src-gles_5.15.10+dfsg-4.dsc 4f20c5ace2bb1a346ae18d39cfe891f2 138964 libs optional qtbase-opensource-src-gles_5.15.10+dfsg-4.debian.tar.xz 08ff5aa4075e6b4e5110c06485143536 17007 libs optional qtbase-opensource-src-gles_5.15.10+dfsg-4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEEq2sdvrA0LydXHe1qsmYUtFL0RrYFAmXJFjkTHG1pdHlhNTdA ZGViaWFuLm9yZwAKCRCyZhS0UvRGtqRlD/9AOFPEBqPiF6R6sIXlyrsfoq936QHI vjzSigrGyH9GRMLM9vL1Jg45qsul+ziFRHjJ5MJx0/q8cFYysoHD7JL0u0Klwakn AZ+8f3LwPi3nmobSbbEXx9SskpedICpNyYip3rS/Lpg8+B+xjhkykvOXBGWfehXy 88QwT0tL7Od+JOrfika8qZTllZkaV/UGITex4W+eflfKltJ8+waBM6RZKOnhLDvy xBBD7Vg+u8P62dnzPxsOhh7Y3AisQCskdr0c2yZcjkXeWUxDPP9jXosGOrpSdzcp QBnghq8ZRmIMVgXK3Lj5tEXkLPn2SxBYQqYxjhq0DVf2DE4BJV48o7SbKb10BM3I KRDEsgciPaiXbn3MDbK0LDBJtdpZhePAa5JsYWeesLtfSt99p0vxPzpl2DJcjJli FOAv/RjCkV8xcMFTeqDjHWNPX2cTjIS7/FMf2L5WnykN5e3WzBeRpAcYp3YKu5F9 yxhaYCXPdlfoPp5b0M3aoSpMYGm8YeBAlKcHVu2BGcfCF/Fe2FHD/hcv9ZAl4h1R jL8jSCO+MgOdGI3JV9l63QdUxUSmb4os7Qc/e9e7jocFvK7iyHPjc/MIn0O1WtoO vkl8HJvXqXzn2vzpfKLgfOXZigi+5WHlGn9aEx57KPudupl3MRc55CnlRMzvLL2h zD2QvO1HJB/txQ== =RcS0 -----END PGP SIGNATURE-----Attachment: pgpf1dIjXV4lt.pgp
Description: PGP signature
--- End Message ---