Your message dated Wed, 28 Aug 2024 23:52:27 +0000 with message-id <e1sjssh-002zbz...@fasolo.debian.org> and subject line Bug#1054638: fixed in qtox 1.17.6-1 has caused the Debian Bug report #1054638, regarding qtox potentially unsafe to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1054638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054638 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: qtox Version: 1.17.6-0.1 Severity: important X-Debbugs-Cc: m.sca...@protonmail.ch Dear Maintainer, a serious remote code execution vulnerability has allegedly been discovered for qtox and reported in Windows as explained in here: https://github.com/Zoxcore/qTox_enhanced/issues/6 Apparently, a patch was released for the issue. Is the Linux version of the software affected? Is Debian package safe to use? -- System Information: Debian Release: 12.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-13-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages qtox depends on: ii libavcodec59 7:5.1.3-1 ii libavdevice59 7:5.1.3-1 ii libavformat59 7:5.1.3-1 ii libavutil57 7:5.1.3-1 ii libc6 2.36-9+deb12u3 ii libexif12 0.6.24-1+b1 ii libkf5sonnetui5 5.103.0-1 ii libopenal1 1:1.19.1-2 ii libqrencode4 4.1.1-1 ii libqt5core5a 5.15.8+dfsg-11 ii libqt5gui5 5.15.8+dfsg-11 ii libqt5network5 5.15.8+dfsg-11 ii libqt5svg5 5.15.8-3 ii libqt5widgets5 5.15.8+dfsg-11 ii libqt5xml5 5.15.8+dfsg-11 ii libsodium23 1.0.18-1 ii libsqlcipher0 3.4.1-2+b1 ii libstdc++6 12.2.0-14 ii libswscale6 7:5.1.3-1 ii libtoxcore2 0.2.18-1 ii libx11-6 2:1.8.4-2+deb12u2 ii libxss1 1:1.2.3-1 qtox recommends no packages. qtox suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: qtox Source-Version: 1.17.6-1 Done: Yangfl <mmyan...@gmail.com> We believe that the bug you reported is fixed in the latest version of qtox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1054...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yangfl <mmyan...@gmail.com> (supplier of updated qtox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 28 Aug 2024 14:08:04 +0800 Source: qtox Architecture: source Version: 1.17.6-1 Distribution: unstable Urgency: medium Maintainer: Yangfl <mmyan...@gmail.com> Changed-By: Yangfl <mmyan...@gmail.com> Closes: 1022250 1054638 1072447 Changes: qtox (1.17.6-1) unstable; urgency=medium . * Fix FTBFS with ffmpeg 7.0 (Closes: #1072447) * Add nvidia abstraction to AppArmor profile (Closes: #1022250) * Hotfix exploit with notifications (Closes: #1054638) * Bump Standards-Version to 4.7.0 Checksums-Sha1: a9d81425e365bc75f1d1abf649fbb5ec51ad4a2c 2393 qtox_1.17.6-1.dsc 7ec6356da1c52cfe39c2cdfc3587664543ec9248 4777590 qtox_1.17.6.orig.tar.gz 4ca299df443033b2a006744bf9b8093b3b0d7bea 833 qtox_1.17.6.orig.tar.gz.asc 02ad75adb0dcaf3234c84740c2e40d7936d59c5b 22664 qtox_1.17.6-1.debian.tar.xz faf6aaf43967d14ca9e7550a58c3432f8dba6e30 16955 qtox_1.17.6-1_amd64.buildinfo Checksums-Sha256: 9cc8a31f9afc69c2e05456d48918fd74453ac104cde0df58c0d7437d07e32024 2393 qtox_1.17.6-1.dsc 3900764667319baa8a0da95e051e0a6c167f9c2c67e4b9c98d108f7b7bf888d6 4777590 qtox_1.17.6.orig.tar.gz d9c54cbca379bdf3746e1550d852d1016c2020b9397049dbbf90bee4ce244703 833 qtox_1.17.6.orig.tar.gz.asc 10b055a627fcdadb61b5c49e15c23057c8265fc0c6b5f2ab5806beae25a69d3b 22664 qtox_1.17.6-1.debian.tar.xz b46f0ac40fee9a926a05f22f4ab16a9abb42c2ac2dfcbdde949195ae30310927 16955 qtox_1.17.6-1_amd64.buildinfo Files: 755aa609085ec03ec155f6f4a2f5c86a 2393 net optional qtox_1.17.6-1.dsc 0bf7bc4133b55e1acf8c800c64e1f1c3 4777590 net optional qtox_1.17.6.orig.tar.gz 5c3c3b081f128f43dcbce43bb4aa3c1e 833 net optional qtox_1.17.6.orig.tar.gz.asc 7844649f4940c7ca3d7d7c5d25071c87 22664 net optional qtox_1.17.6-1.debian.tar.xz 7ab8666ee79d59656068a78434fcd98e 16955 net optional qtox_1.17.6-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmbPsrUACgkQwpPntGGC Ws5jIQ//cQabQydTDWABd5gYFvE/Pa7N6b1zY5kN2q+JrOwhRZHsIWlJWqzHUf2m lj1wr+nEbm+3CnCGg/HSYSuzWP360AWZ+MuGnNhKic+wvupp8rGMAksoqaTEOd3M iKnSxUvrXgoiWzg86r2wIerr32w94DXHrDmIe4cYCaxtc2u9+1JQ+4py6MLNXLxd vnIoDMNzc1x81zxYILKz69kDl69FND62SQgm9S2dCEtDTInQ2qkQHoojULsfnGdT o0u96hdLhOrY8NJawKGYAJjmrSJDnVuSgqbKhSUZhH77EnrOmt92qKRvlZjyqQ6k M3vb26OY3t0QQJZ4wwsMuYejcUtX3LCmpWS+wh0PXgJSa4k4Bb1lla5r7ytc5/Va zHfcWugNPcEdvVb3VeYKsl3QapZk/BGQjUCE2QGOAHN8L8vJf0M1Iu+Oq2Vxnzv5 9kUFD9zMb4aA1dXkSgIkZP38gP2+kGSIbawELDFNoaMVlgHFETCu53/eaCeVinlP pGiR4OGI9y8gSlp7Y3qSaT6hAiSD9mArEP+T+MfOp/RBkCtZgtqUawAvC0MR/GCu JVBn4WwKERfLwiTS5MKkypegufGo3hroTELMb5HZeF8Pl5L/tpZ/8Hdd97NiY+0U wNt27vEtNpBRw5arA9wF6cGDp2XrerHfodOWB/PT9itYLJbla2M= =lrM7 -----END PGP SIGNATURE-----pgpeeKsPgX__z.pgp
Description: PGP signature
--- End Message ---