Your message dated Fri, 06 Jun 2025 11:21:59 +0000 with message-id <E1uNV95-00DKLD-Qb@fasolo.debian.org> and subject line Bug#1107318: fixed in qtimageformats-opensource-src 5.15.15-4 has caused the Debian Bug report #1107318, regarding qtimageformats-opensource-src: CVE-2025-5683 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
1107318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107318
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: qtimageformats-opensource-src: CVE-2025-5683
- From: Moritz Mühlenhoff <jmm@inutil.org>
- Date: Thu, 5 Jun 2025 17:17:19 +0200
- Message-id: <aEG0_4bQMcOo_7v8@pisco.westfalen.local>
Source: qtimageformats-opensource-src
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtimageformats-opensource-src.

CVE-2025-5683[0]:
| When loading a specifically crafted ICNS format image file in QImage
| then it will trigger a crash. This issue affects Qt from versions
| 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed
| in 6.5.10, 6.8.5 and 6.9.1.

https://codereview.qt-project.org/c/qt/qtimageformats/+/644548
https://github.com/qt/qtimageformats/commit/efd332516f510144927121fa749ce819b82ec633

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-5683
    https://www.cve.org/CVERecord?id=CVE-2025-5683

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
- To: 1107318-close@bugs.debian.org
- Subject: Bug#1107318: fixed in qtimageformats-opensource-src 5.15.15-4
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 06 Jun 2025 11:21:59 +0000
- Message-id: <E1uNV95-00DKLD-Qb@fasolo.debian.org>
- Reply-to: Dmitry Shachnev <mitya57@debian.org>
Source: qtimageformats-opensource-src
Source-Version: 5.15.15-4
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of qtimageformats-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1107318@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtimageformats-opensource-src package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Fri, 06 Jun 2025 10:57:26 +0300
Source: qtimageformats-opensource-src
Architecture: source
Version: 5.15.15-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1107318
Changes:
 qtimageformats-opensource-src (5.15.15-4) unstable; urgency=medium
 .
   * Backport upstream patch to fix validation issue for ICNS image
     (CVE-2025-5683, closes: #1107318).
--- End Message ---