Bug#1014124: marked as done (buffer overflow in the mng plugin for Qt (CVE-2020-23884))

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 29 Oct 2024 00:27:53 +0000
with message-id <E1t5a5R-005Eb1-Jn@fasolo.debian.org>
and subject line Bug#1014124: fixed in qtimageformats-opensource-src 5.15.15-3
has caused the Debian Bug report #1014124,
regarding buffer overflow in the mng plugin for Qt (CVE-2020-23884)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1014124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014124
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: nomacs: CVE-2020-23884
• From: Moritz Mühlenhoff <jmm@inutil.org>
• Date: Thu, 30 Jun 2022 16:47:22 +0200
• Message-id: <Yr23ery4+paJfA8c@pisco.westfalen.local>

Source: nomacs
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for nomacs.

CVE-2020-23884[0]:
| A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial
| of service (DoS) via a crafted MNG file.

https://github.com/nomacs/nomacs/issues/516

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-23884
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23884

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

• To: 1014124-close@bugs.debian.org
• Subject: Bug#1014124: fixed in qtimageformats-opensource-src 5.15.15-3
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Tue, 29 Oct 2024 00:27:53 +0000
• Message-id: <E1t5a5R-005Eb1-Jn@fasolo.debian.org>
• Reply-to: Dmitry Shachnev <mitya57@debian.org>

Source: qtimageformats-opensource-src
Source-Version: 5.15.15-3
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtimageformats-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1014124@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtimageformats-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 Oct 2024 00:08:53 +0300
Source: qtimageformats-opensource-src
Architecture: source
Version: 5.15.15-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1014124 1046162
Changes:
 qtimageformats-opensource-src (5.15.15-3) unstable; urgency=medium
 .
   * Add a patch to reject broken MNG images, backported from qtbase 6.0
     (CVE-2020-23884, closes: #1014124).
   * Add debian/clean file (closes: #1046162).
Checksums-Sha1:
 e0ee64671553f3fac749eb339aa46259b3756e4c 2452 qtimageformats-opensource-src_5.15.15-3.dsc
 b69d450fd727fdc2cde727034b805cf23d1dfaef 7756 qtimageformats-opensource-src_5.15.15-3.debian.tar.xz
 5ef7c03b04f9fbc4e45fa167705fcf7bbb3dc24c 12646 qtimageformats-opensource-src_5.15.15-3_source.buildinfo
Checksums-Sha256:
 2eb7b2cd88171b8f4aa5cc56e65379ca52dc6f89b9884613c0c1dd68d0d6cc10 2452 qtimageformats-opensource-src_5.15.15-3.dsc
 16a1d9120ee6aff6062304d66e7797f483caaa00b52c736557a52890c953d0a8 7756 qtimageformats-opensource-src_5.15.15-3.debian.tar.xz
 35bf2a976f2a5f5a4a6442b972ea809faab173144b6dd40154481226527ab0bb 12646 qtimageformats-opensource-src_5.15.15-3_source.buildinfo
Files:
 ccb4a79f9921a775c22b826f1bbc1c65 2452 libs optional qtimageformats-opensource-src_5.15.15-3.dsc
 6f26ee9f7df44ffedb4cbe1fd9370e3d 7756 libs optional qtimageformats-opensource-src_5.15.15-3.debian.tar.xz
 2bfb3ccf90e9c07688250c2c78dcbfeb 12646 libs optional qtimageformats-opensource-src_5.15.15-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEq2sdvrA0LydXHe1qsmYUtFL0RrYFAmcf/X4THG1pdHlhNTdA
ZGViaWFuLm9yZwAKCRCyZhS0UvRGthidD/92kE7vHQRSnooG2qKgTfIN8IWcCjZl
ws8ko2HmZ8GL7QOSSgfM0nT5DtKI1YYf/eof1bYBXnCX/tcwe0hEf5rLaJ8WvKGT
+BEFMBu+EawnQENFjW/68T+Sl5ihAkGm9MN/VRoDs8YcHjSO8QF0n41Ig/7h6cRV
Fl0I3uRv5VxR+QDg+cUrc60spuN2gW9YUCvgQdyYYSXC6o/SqGe72w6kt662VqsQ
eI0GNNQx7YUDxLyudxSTNQM1MKuQ7rY2LHyGEBW1jylqRMOD11USU6EtF7X3Ij3v
O75Ng28oZDfAuR8NMLurEgxuXJqkBi/pHNIgztT2pdzRBF7/YEiNz4J/ursux1xl
E0XOnSTf256nYsTm13lg9Swzu11VZwmDAjcPYIWZ4mlQJX1CMSgzWK/nc+m1NOdk
lDOZl9IbqKQUaTs4juuUpSjLFPF+wsuf+G+jZeCi3Aq5yhqvxdy1AVun+y60DDEG
rkACy5X+keA+XEqAh2y5OkjV+twnvjGWa9NEjLOA9yGKMRbptHm9TKkKTeETjMDT
pceEb0rrWwgdUrYfS5ie5oveYZdx+mnZrJvutOX8Jj4sXdZJW9JEDZdjKlkt2BrO
8hFEgYzpWuBB6aBaotdihRnFdtm5RTM4mNuwSBnzeazTeUugzn2TT0mLL/zcsYRG
0NezKEblEFXbuw==
=T+m6
-----END PGP SIGNATURE-----

Attachment: pgpo71YOK4cj0.pgp
Description: PGP signature

--- End Message ---