Bug#1093882: marked as done (qtconnectivity-opensource-src: CVE-2025-23050)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 29 Jan 2025 19:34:27 +0000
with message-id <E1tdDpT-008lvl-QX@fasolo.debian.org>
and subject line Bug#1093882: fixed in qtconnectivity-opensource-src 5.15.15-3
has caused the Debian Bug report #1093882,
regarding qtconnectivity-opensource-src: CVE-2025-23050
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1093882: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093882
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: qtconnectivity-opensource-src: CVE-2025-23050
• From: Moritz Mühlenhoff <jmm@inutil.org>
• Date: Thu, 23 Jan 2025 20:02:27 +0100
• Message-id: <[🔎] Z5KSQ6fVoeT31dIh@pisco.westfalen.local>

Source: qtconnectivity-opensource-src
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtconnectivity-opensource-src.

CVE-2025-23050[0]:
https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux

Patch for Qt5:
https://qt-mirror.dannhauer.de/archive/qt/5.15/CVE-2025-23050-qtconnectivity-5.15.diff


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-23050
    https://www.cve.org/CVERecord?id=CVE-2025-23050

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

• To: 1093882-close@bugs.debian.org
• Subject: Bug#1093882: fixed in qtconnectivity-opensource-src 5.15.15-3
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Wed, 29 Jan 2025 19:34:27 +0000
• Message-id: <E1tdDpT-008lvl-QX@fasolo.debian.org>
• Reply-to: Dmitry Shachnev <mitya57@debian.org>

Source: qtconnectivity-opensource-src
Source-Version: 5.15.15-3
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtconnectivity-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1093882@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtconnectivity-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jan 2025 21:39:43 +0300
Source: qtconnectivity-opensource-src
Architecture: source
Version: 5.15.15-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1093882
Changes:
 qtconnectivity-opensource-src (5.15.15-3) unstable; urgency=medium
 .
   * Backport upstream patch to guard against malformed replies in
     QLowEnergyControllerPrivateBluez (CVE-2025-23050, closes: #1093882).
   * Update debian/libqt5bluetooth5.symbols from buildds’ logs.
Checksums-Sha1:
 5f2b6c0e9a3d09a1831571ded962883208e7816a 3289 qtconnectivity-opensource-src_5.15.15-3.dsc
 9e22e6acf7deb29cb832622669990bafcd69cb9d 16600 qtconnectivity-opensource-src_5.15.15-3.debian.tar.xz
 e77ae2fdedb4ba659200180d6d425843f12f9606 12912 qtconnectivity-opensource-src_5.15.15-3_source.buildinfo
Checksums-Sha256:
 56fe6c77b2c1616d3a9c0c8dcfdea7fccc4beb3b32ab04a69e892fd30eac3ac5 3289 qtconnectivity-opensource-src_5.15.15-3.dsc
 5def788076936b23bac59aef4efd12369e0729d3db6e4fbac0977d26ed5803de 16600 qtconnectivity-opensource-src_5.15.15-3.debian.tar.xz
 4085a76afe56349d9c5b754a3751e842ae0f3666fb5b97dd35a7bc4028fbbac7 12912 qtconnectivity-opensource-src_5.15.15-3_source.buildinfo
Files:
 1de59d7590186cbf23e3ab0a443efd11 3289 libs optional qtconnectivity-opensource-src_5.15.15-3.dsc
 9287269b5e3b5a60136d275d8501e2cd 16600 libs optional qtconnectivity-opensource-src_5.15.15-3.debian.tar.xz
 8c725eacd11bb88bd8ce3d279681d977 12912 libs optional qtconnectivity-opensource-src_5.15.15-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEq2sdvrA0LydXHe1qsmYUtFL0RrYFAmeagG4THG1pdHlhNTdA
ZGViaWFuLm9yZwAKCRCyZhS0UvRGtkcmEAC21OH44DwVdburUpzFiJLsCOV8zVnb
ZBnPu4+aMXpZPQqZJmSTmglKZV+1E6NKCTBGv1jHDqksmKCACUXoXt40Gn4/rc7D
JppMr7hssx+QjinSCxXzVE7ejj6k3XCIwDQvvy0OPwwkZ7uXMLOOHIirTKkKAjEy
ZEeLtfKm1chep4pZtoUrw1mXq6DoFnZ3oYPIRfQZow2hg2fC3mfPP+OcqTRIV5Y1
AMmR511nh8si1LLwX4ya0oF0jNIXcwMAOWkEJoXktU4RdbThZQF4jmnT5YE+MuFl
hnjsY/AznF5nvbrpPIOfwPSbWJ+nVneFZsvNNlZ7Sy5pNmmbEzRm/GZna6/9mE95
UyxMfzcFivSB4sF5EXoCi6wXule8EeXIDZQDRwYDiaFPhqWOZb8ncxFCTpg6gR7l
QIaLVp2+vlibOm1jlrLAdUBSG+ZdAwo+PqQ3CYY3g0PSxN4YX9ppxebeXHVqNtq7
2oS7zo9N92TWjSpZ70mkvF8QTspomhxUwoWloC1xUD5xGWjTLfEk7DeviohJk+U3
rwcuMrn+yMv1k87l6P8ziQ6mGrccKmxIDl7xC4cbJO4DXw4qSBmJVYrKepKcz33S
DFCzWsqNNljY/YdsUYuN1sG0FLQRGHTUfxsyBLmjQcSxEaPW13x7/dIzKiYNQ7Tl
AzMiQdG3UN+agg==
=0QfQ
-----END PGP SIGNATURE-----

Attachment: pgpFps_Dptbhk.pgp
Description: PGP signature

--- End Message ---