Your message dated Wed, 16 Apr 2025 19:52:02 +0000
with message-id <E1u58ni-00Eh6z-FY@fasolo.debian.org>
and subject line Bug#1103022: fixed in qt6-base 6.8.2+dfsg-6
has caused the Debian Bug report #1103022,
regarding qt6-base: CVE-2025-3512
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
1103022: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103022
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: qt6-base: CVE-2025-3512
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sun, 13 Apr 2025 20:57:48 +0200
- Message-id: <174457066847.456672.8415915117439357001.reportbug@eldamar.lan>

Source: qt6-base
Version: 6.8.2+dfsg-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for qt6-base.

CVE-2025-3512[0]:
| There is a Heap-based Buffer Overflow vulnerability in
| QTextMarkdownImporter. This requires an incorrectly formatted
| markdown file to be passed to QTextMarkdownImporter to trigger the
| overflow. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to
| 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-3512
    https://www.cve.org/CVERecord?id=CVE-2025-3512
[1] https://codereview.qt-project.org/c/qt/qtbase/+/635546

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
- To: 1103022-close@bugs.debian.org
- Subject: Bug#1103022: fixed in qt6-base 6.8.2+dfsg-6
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 16 Apr 2025 19:52:02 +0000
- Message-id: <E1u58ni-00Eh6z-FY@fasolo.debian.org>
- Reply-to: Patrick Franz <deltaone@debian.org>

Source: qt6-base
Source-Version: 6.8.2+dfsg-6
Done: Patrick Franz <deltaone@debian.org>

We believe that the bug you reported is fixed in the latest version of
qt6-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1103022@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Franz <deltaone@debian.org> (supplier of updated qt6-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 16 Apr 2025 21:33:04 +0200
Source: qt6-base
Architecture: source
Version: 6.8.2+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Patrick Franz <deltaone@debian.org>
Closes: 1095836 1103022
Changes:
 qt6-base (6.8.2+dfsg-6) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Backport patch to fix issue when configuring Plasma to have multiple
     Notification widgets, fixes QTBUG-134210.
   * Backport patch to fix CVE-2025-3512 (Closes: #1103022).
   * Let qt6-gtk-platformtheme depend on gnome-themes-extra-data to fix
     issue with dark themes (Closes: #1095836).
 .
   [ Pino Toscano ]
   * Bump Standards-Version to 4.7.2, no changes required.
--- End Message ---