
Bug#1077544: marked as done (qtbase-opensource-src-gles: CVE-2024-39936)



Your message dated Tue, 10 Sep 2024 12:38:13 +0000
with message-id <E1so08L-001hzT-5I@fasolo.debian.org>
and subject line Bug#1077544: fixed in qtbase-opensource-src-gles 5.15.15+dfsg-1
has caused the Debian Bug report #1077544,
regarding qtbase-opensource-src-gles: CVE-2024-39936
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1077544: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077544
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qtbase-opensource-src-gles
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtbase-opensource-src-gles.

CVE-2024-39936[0]:
| An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before
| 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x
| before 6.7.3. Code to make security-relevant decisions about an
| established connection may execute too early, because the
| encrypted() signal has not yet been emitted and processed.

https://codereview.qt-project.org/c/qt/qtbase/+/571601
https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=b1e75376cc3adfc7da5502a277dfe9711f3e0536

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-39936
    https://www.cve.org/CVERecord?id=CVE-2024-39936

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: qtbase-opensource-src-gles
Source-Version: 5.15.15+dfsg-1
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src-gles, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1077544@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src-gles package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Sep 2024 12:52:21 +0300
Source: qtbase-opensource-src-gles
Built-For-Profiles: noudeb
Architecture: source
Version: 5.15.15+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1077544
Changes:
 qtbase-opensource-src-gles (5.15.15+dfsg-1) experimental; urgency=medium
 .
   * Merge qtbase-opensource-src 5.15.15+dfsg-1 upload.
     - Adds a patch for CVE-2024-39936 (closes: #1077544).
   * Bump qtbase build-dependencies to 5.15.15.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
