Your message dated Wed, 28 Aug 2024 23:52:27 +0000
with message-id <e1sjssh-002zbz...@fasolo.debian.org>
and subject line Bug#1054638: fixed in qtox 1.17.6-1
has caused the Debian Bug report #1054638,
regarding qtox potentially unsafe
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1054638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054638
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: qtox
Version: 1.17.6-0.1
Severity: important
X-Debbugs-Cc: m.sca...@protonmail.ch
Dear Maintainer,
a serious remote code execution vulnerability has allegedly been discovered for
qtox and reported in Windows as explained in here:
https://github.com/Zoxcore/qTox_enhanced/issues/6
Apparently, a patch was released for the issue.
Is the Linux version of the software affected? Is Debian package safe to use?
-- System Information:
Debian Release: 12.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages qtox depends on:
ii libavcodec59 7:5.1.3-1
ii libavdevice59 7:5.1.3-1
ii libavformat59 7:5.1.3-1
ii libavutil57 7:5.1.3-1
ii libc6 2.36-9+deb12u3
ii libexif12 0.6.24-1+b1
ii libkf5sonnetui5 5.103.0-1
ii libopenal1 1:1.19.1-2
ii libqrencode4 4.1.1-1
ii libqt5core5a 5.15.8+dfsg-11
ii libqt5gui5 5.15.8+dfsg-11
ii libqt5network5 5.15.8+dfsg-11
ii libqt5svg5 5.15.8-3
ii libqt5widgets5 5.15.8+dfsg-11
ii libqt5xml5 5.15.8+dfsg-11
ii libsodium23 1.0.18-1
ii libsqlcipher0 3.4.1-2+b1
ii libstdc++6 12.2.0-14
ii libswscale6 7:5.1.3-1
ii libtoxcore2 0.2.18-1
ii libx11-6 2:1.8.4-2+deb12u2
ii libxss1 1:1.2.3-1
qtox recommends no packages.
qtox suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: qtox
Source-Version: 1.17.6-1
Done: Yangfl <mmyan...@gmail.com>
We believe that the bug you reported is fixed in the latest version of
qtox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1054...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yangfl <mmyan...@gmail.com> (supplier of updated qtox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 28 Aug 2024 14:08:04 +0800
Source: qtox
Architecture: source
Version: 1.17.6-1
Distribution: unstable
Urgency: medium
Maintainer: Yangfl <mmyan...@gmail.com>
Changed-By: Yangfl <mmyan...@gmail.com>
Closes: 1022250 1054638 1072447
Changes:
qtox (1.17.6-1) unstable; urgency=medium
.
* Fix FTBFS with ffmpeg 7.0 (Closes: #1072447)
* Add nvidia abstraction to AppArmor profile (Closes: #1022250)
* Hotfix exploit with notifications (Closes: #1054638)
* Bump Standards-Version to 4.7.0
Checksums-Sha1:
a9d81425e365bc75f1d1abf649fbb5ec51ad4a2c 2393 qtox_1.17.6-1.dsc
7ec6356da1c52cfe39c2cdfc3587664543ec9248 4777590 qtox_1.17.6.orig.tar.gz
4ca299df443033b2a006744bf9b8093b3b0d7bea 833 qtox_1.17.6.orig.tar.gz.asc
02ad75adb0dcaf3234c84740c2e40d7936d59c5b 22664 qtox_1.17.6-1.debian.tar.xz
faf6aaf43967d14ca9e7550a58c3432f8dba6e30 16955 qtox_1.17.6-1_amd64.buildinfo
Checksums-Sha256:
9cc8a31f9afc69c2e05456d48918fd74453ac104cde0df58c0d7437d07e32024 2393
qtox_1.17.6-1.dsc
3900764667319baa8a0da95e051e0a6c167f9c2c67e4b9c98d108f7b7bf888d6 4777590
qtox_1.17.6.orig.tar.gz
d9c54cbca379bdf3746e1550d852d1016c2020b9397049dbbf90bee4ce244703 833
qtox_1.17.6.orig.tar.gz.asc
10b055a627fcdadb61b5c49e15c23057c8265fc0c6b5f2ab5806beae25a69d3b 22664
qtox_1.17.6-1.debian.tar.xz
b46f0ac40fee9a926a05f22f4ab16a9abb42c2ac2dfcbdde949195ae30310927 16955
qtox_1.17.6-1_amd64.buildinfo
Files:
755aa609085ec03ec155f6f4a2f5c86a 2393 net optional qtox_1.17.6-1.dsc
0bf7bc4133b55e1acf8c800c64e1f1c3 4777590 net optional qtox_1.17.6.orig.tar.gz
5c3c3b081f128f43dcbce43bb4aa3c1e 833 net optional qtox_1.17.6.orig.tar.gz.asc
7844649f4940c7ca3d7d7c5d25071c87 22664 net optional qtox_1.17.6-1.debian.tar.xz
7ab8666ee79d59656068a78434fcd98e 16955 net optional
qtox_1.17.6-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmbPsrUACgkQwpPntGGC
Ws5jIQ//cQabQydTDWABd5gYFvE/Pa7N6b1zY5kN2q+JrOwhRZHsIWlJWqzHUf2m
lj1wr+nEbm+3CnCGg/HSYSuzWP360AWZ+MuGnNhKic+wvupp8rGMAksoqaTEOd3M
iKnSxUvrXgoiWzg86r2wIerr32w94DXHrDmIe4cYCaxtc2u9+1JQ+4py6MLNXLxd
vnIoDMNzc1x81zxYILKz69kDl69FND62SQgm9S2dCEtDTInQ2qkQHoojULsfnGdT
o0u96hdLhOrY8NJawKGYAJjmrSJDnVuSgqbKhSUZhH77EnrOmt92qKRvlZjyqQ6k
M3vb26OY3t0QQJZ4wwsMuYejcUtX3LCmpWS+wh0PXgJSa4k4Bb1lla5r7ytc5/Va
zHfcWugNPcEdvVb3VeYKsl3QapZk/BGQjUCE2QGOAHN8L8vJf0M1Iu+Oq2Vxnzv5
9kUFD9zMb4aA1dXkSgIkZP38gP2+kGSIbawELDFNoaMVlgHFETCu53/eaCeVinlP
pGiR4OGI9y8gSlp7Y3qSaT6hAiSD9mArEP+T+MfOp/RBkCtZgtqUawAvC0MR/GCu
JVBn4WwKERfLwiTS5MKkypegufGo3hroTELMb5HZeF8Pl5L/tpZ/8Hdd97NiY+0U
wNt27vEtNpBRw5arA9wF6cGDp2XrerHfodOWB/PT9itYLJbla2M=
=lrM7
-----END PGP SIGNATURE-----
pgpeeKsPgX__z.pgp
Description: PGP signature
--- End Message ---
