Your message dated Sun, 18 Feb 2024 00:37:49 +0000
with message-id <E1rbVBl-004jJz-0Z@fasolo.debian.org>
and subject line Bug#1064053: fixed in qtbase-opensource-src 5.15.10+dfsg-7
has caused the Debian Bug report #1064053,
regarding qtbase-opensource-src: CVE-2024-25580
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
1064053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064053
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: qtbase-opensource-src: CVE-2024-25580
- From: Moritz Mühlenhoff <jmm@inutil.org>
- Date: Fri, 16 Feb 2024 15:22:18 +0100
- Message-id: <Zc9vmuNXtgrGjBqG@pisco.westfalen.local>
Source: qtbase-opensource-src
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtbase-opensource-src.

CVE-2024-25580[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2264423
https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25580
    https://www.cve.org/CVERecord?id=CVE-2024-25580

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
- To: 1064053-close@bugs.debian.org
- Subject: Bug#1064053: fixed in qtbase-opensource-src 5.15.10+dfsg-7
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 18 Feb 2024 00:37:49 +0000
- Message-id: <E1rbVBl-004jJz-0Z@fasolo.debian.org>
- Reply-to: Dmitry Shachnev <mitya57@debian.org>
Source: qtbase-opensource-src
Source-Version: 5.15.10+dfsg-7
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of qtbase-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1064053@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Feb 2024 15:11:37 +0300
Source: qtbase-opensource-src
Architecture: source
Version: 5.15.10+dfsg-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1064053
Changes:
 qtbase-opensource-src (5.15.10+dfsg-7) unstable; urgency=medium
 .
   * Backport upstream patch to fix potential buffer overflow when reading KTX
     images (CVE-2024-25580, closes: #1064053).
--- End Message ---