
Bug#1060695: marked as done (qtbase-opensource-src-gles: CVE-2023-51714)



Your message dated Sun, 11 Feb 2024 19:27:43 +0000
with message-id <E1rZFUN-007pm5-82@fasolo.debian.org>
and subject line Bug#1060695: fixed in qtbase-opensource-src-gles 5.15.10+dfsg-4
has caused the Debian Bug report #1060695,
regarding qtbase-opensource-src-gles: CVE-2023-51714
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1060695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060695
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qtbase-opensource-src-gles
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtbase-opensource-src-gles.

CVE-2023-51714[0]:
| An issue was discovered in the HTTP2 implementation in Qt before
| 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and
| 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an
| incorrect HPack integer overflow check.

https://codereview.qt-project.org/c/qt/qtbase/+/524864
https://codereview.qt-project.org/c/qt/qtbase/+/524865/3

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-51714
    https://www.cve.org/CVERecord?id=CVE-2023-51714

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: qtbase-opensource-src-gles
Source-Version: 5.15.10+dfsg-4
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src-gles, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1060695@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src-gles package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 Feb 2024 21:44:36 +0300
Source: qtbase-opensource-src-gles
Architecture: source
Version: 5.15.10+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1060695
Changes:
 qtbase-opensource-src-gles (5.15.10+dfsg-4) unstable; urgency=medium
 .
   * Merge qtbase-opensource-src 5.15.10+dfsg-6 upload.
     - Fixes CVE-2023-51714 (closes: #1060695).



--- End Message ---
