
Bug#1064053: marked as done (qtbase-opensource-src: CVE-2024-25580)



Your message dated Sun, 18 Feb 2024 00:37:49 +0000
with message-id <E1rbVBl-004jJz-0Z@fasolo.debian.org>
and subject line Bug#1064053: fixed in qtbase-opensource-src 5.15.10+dfsg-7
has caused the Debian Bug report #1064053,
regarding qtbase-opensource-src: CVE-2024-25580
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1064053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064053
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qtbase-opensource-src
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtbase-opensource-src.

CVE-2024-25580[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2264423
https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25580
    https://www.cve.org/CVERecord?id=CVE-2024-25580

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: qtbase-opensource-src
Source-Version: 5.15.10+dfsg-7
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1064053@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Feb 2024 15:11:37 +0300
Source: qtbase-opensource-src
Architecture: source
Version: 5.15.10+dfsg-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1064053
Changes:
 qtbase-opensource-src (5.15.10+dfsg-7) unstable; urgency=medium
 .
   * Backport upstream patch to fix potential buffer overflow when reading
     KTX images (CVE-2024-25580, closes: #1064053).
Checksums-Sha1:
 e7018036ef9626a5510d2dcc58043c5e896c4045 5312 qtbase-opensource-src_5.15.10+dfsg-7.dsc
 f84c35ee48ec3930bf7604e37446617cdb5cb0ae 237812 qtbase-opensource-src_5.15.10+dfsg-7.debian.tar.xz
 c99497b1cf1fb3fd4eedd02ccc4faf17f06da23c 16912 qtbase-opensource-src_5.15.10+dfsg-7_source.buildinfo
Checksums-Sha256:
 2641c71d71807422c60a025cf7fa1491e8bb021d45a40ca590b08925aa64d6e6 5312 qtbase-opensource-src_5.15.10+dfsg-7.dsc
 4a4f2afe86be116a08858eecfd5a419f0304547e22e6c8f75bea2e145f325a1c 237812 qtbase-opensource-src_5.15.10+dfsg-7.debian.tar.xz
 591825e004480f25d54e1814f347cf22e8572a14cbc53d277cf50919cb5989ce 16912 qtbase-opensource-src_5.15.10+dfsg-7_source.buildinfo
Files:
 792d5429e0fbfa25675c5e6b0520699b 5312 libs optional qtbase-opensource-src_5.15.10+dfsg-7.dsc
 50a8fa3ae71c217c6c66637508f6f138 237812 libs optional qtbase-opensource-src_5.15.10+dfsg-7.debian.tar.xz
 d3b953a84fa480a69bc35bc4eaa99fe1 16912 libs optional qtbase-opensource-src_5.15.10+dfsg-7_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
