Bug#1064054: marked as done (qtbase-opensource-src-gles: CVE-2024-25580)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Mon, 26 Feb 2024 09:10:01 +0000
with message-id <E1reWzp-00CTbg-Rh@fasolo.debian.org>
and subject line Bug#1064054: fixed in qtbase-opensource-src-gles 5.15.10+dfsg-5
has caused the Debian Bug report #1064054,
regarding qtbase-opensource-src-gles: CVE-2024-25580
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1064054: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064054
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: qtbase-opensource-src-gles: CVE-2024-25580
• From: Moritz Mühlenhoff <jmm@inutil.org>
• Date: Fri, 16 Feb 2024 15:22:45 +0100
• Message-id: <[🔎] Zc9vtdGnbxKjngOC@pisco.westfalen.local>

Source: qtbase-opensource-src-gles
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtbase-opensource-src-gles.

CVE-2024-25580[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2264423
https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25580
    https://www.cve.org/CVERecord?id=CVE-2024-25580

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

• To: 1064054-close@bugs.debian.org
• Subject: Bug#1064054: fixed in qtbase-opensource-src-gles 5.15.10+dfsg-5
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Mon, 26 Feb 2024 09:10:01 +0000
• Message-id: <E1reWzp-00CTbg-Rh@fasolo.debian.org>
• Reply-to: Dmitry Shachnev <mitya57@debian.org>

Source: qtbase-opensource-src-gles
Source-Version: 5.15.10+dfsg-5
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src-gles, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1064054@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src-gles package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 26 Feb 2024 11:26:43 +0300
Source: qtbase-opensource-src-gles
Architecture: source
Version: 5.15.10+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1064054
Changes:
 qtbase-opensource-src-gles (5.15.10+dfsg-5) unstable; urgency=medium
 .
   * Merge qtbase-opensource-src 5.15.10+dfsg-7 upload.
     - Fixes CVE-2024-25580 (closes: #1064054).
Checksums-Sha1:
 37769c1df7e8c664fb00258248faac75f85e7db9 3683 qtbase-opensource-src-gles_5.15.10+dfsg-5.dsc
 03729a523c0fd7313b05f68559e7a2c8d60c50df 140636 qtbase-opensource-src-gles_5.15.10+dfsg-5.debian.tar.xz
 975b4b955e2770e32170011363fe38effb0ec109 17112 qtbase-opensource-src-gles_5.15.10+dfsg-5_source.buildinfo
Checksums-Sha256:
 28f151f4e2dadb4c5f7655d9b9bf5126ec16653ba53429793d8dbcc6894cfd9e 3683 qtbase-opensource-src-gles_5.15.10+dfsg-5.dsc
 b14016d29f9f04e6a02477a5dbdaa97bbd3f83d92598f1fc332188f6ab3a73b0 140636 qtbase-opensource-src-gles_5.15.10+dfsg-5.debian.tar.xz
 129b30ffeb0d652ff731d581005b392ae52e59298c332161c6bb4529ff864aad 17112 qtbase-opensource-src-gles_5.15.10+dfsg-5_source.buildinfo
Files:
 d67cb065db04cc67faba1812cf5b3127 3683 libs optional qtbase-opensource-src-gles_5.15.10+dfsg-5.dsc
 9aa3b5b3d9f18bb382fea4f9ce8ee624 140636 libs optional qtbase-opensource-src-gles_5.15.10+dfsg-5.debian.tar.xz
 7660ab8df91ec8ed1682e7e1922c51fe 17112 libs optional qtbase-opensource-src-gles_5.15.10+dfsg-5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEq2sdvrA0LydXHe1qsmYUtFL0RrYFAmXcTCsTHG1pdHlhNTdA
ZGViaWFuLm9yZwAKCRCyZhS0UvRGtmf4EACU9trQR/Jf0xullWxpwmYY3ItzDrpe
xoiXu2yWt3GOSw0uT4buMbeGJK/z8vglHnNhpWL+jVD1FBbM9wz8H6XQdQZqToDu
bzIJ485cumYOrMT0WSXT7/JRR7+NPOaTEDSQb6gOxs57xXt+irAuDoKBam1XbN1M
I97iENHJfHX3ntUsltnddDSR8v0to1RxodwQkfaUlsUoY+VDvrb4n9BLJ2Ji04AD
5IYSt/ocyLYe+oH/z9mEEkbmx+rmp4F4KhZ4wr7pKLIsWrI+cJS5Wxq0arjHdtqQ
pDS8H5lLYLcuwZs4dQE5qpNA+jO3IE9mnuuvzG9jb4i3gb87M3DPTL6AmW71P8Wz
5zw2IKGQKzk2VQFHy1Fmxv9YfMpcawiA7WaKhPGDlaSSAT53ZLjdaQ3ZSYBEkYdh
ZkFe5EqynmGzl5spdTxOmXDZ09wWAnJRmtyHZztDJmnQp+QsupG+dmJ35GOGRhSE
qayb7RMyraqOxz234tQSb9mg+EJBnGxkwM9sAKRgy4uuSfaRNpHTYdC0VYem8Ebh
DIwrJ8L/M1OKzgz/eUv279NeLDIFfuN+KhjmtZczVk6KJhmt39LEluPmiCQYy020
ZX4ftbbIewY9gzIGXybPXn/HWeOOQSxa4aohxutehY+DxrnkGxsnE1eu2nWLdK3h
cGu5Dn2HCu96Gw==
=+4qZ
-----END PGP SIGNATURE-----

Attachment: pgpSFeNCcTPWC.pgp
Description: PGP signature

--- End Message ---