Your message dated Fri, 06 Jun 2025 17:53:02 +0000
with message-id <E1uNbFW-00Ed3e-DE@fasolo.debian.org>
and subject line Bug#1107317: fixed in qt6-imageformats 6.8.2-4
has caused the Debian Bug report #1107317,
regarding qt6-imageformats: CVE-2025-5683
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
1107317: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107317
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: qt6-imageformats: CVE-2025-5683
- From: Moritz Mühlenhoff <jmm@inutil.org>
- Date: Thu, 5 Jun 2025 17:16:56 +0200
- Message-id: <aEG06OJyr7RhdwxZ@pisco.westfalen.local>

Source: qt6-imageformats
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qt6-imageformats.

CVE-2025-5683[0]:
| When loading a specifically crafted ICNS format image file in QImage
| then it will trigger a crash. This issue affects Qt from versions
| 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed
| in 6.5.10, 6.8.5 and 6.9.1.

https://codereview.qt-project.org/c/qt/qtimageformats/+/644548
https://github.com/qt/qtimageformats/commit/efd332516f510144927121fa749ce819b82ec633

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-5683
    https://www.cve.org/CVERecord?id=CVE-2025-5683

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
- To: 1107317-close@bugs.debian.org
- Subject: Bug#1107317: fixed in qt6-imageformats 6.8.2-4
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 06 Jun 2025 17:53:02 +0000
- Message-id: <E1uNbFW-00Ed3e-DE@fasolo.debian.org>
- Reply-to: Patrick Franz <deltaone@debian.org>
Source: qt6-imageformats
Source-Version: 6.8.2-4
Done: Patrick Franz <deltaone@debian.org>

We believe that the bug you reported is fixed in the latest version of
qt6-imageformats, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1107317@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Franz <deltaone@debian.org> (supplier of updated qt6-imageformats package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Fri, 06 Jun 2025 19:37:30 +0200
Source: qt6-imageformats
Architecture: source
Version: 6.8.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Patrick Franz <deltaone@debian.org>
Closes: 1107317
Changes:
 qt6-imageformats (6.8.2-4) unstable; urgency=medium
 .
 [ Patrick Franz ]
 * Backport patch to fix CVE-2025-5683 (Closes: #1107317).
--- End Message ---