Your message dated Fri, 24 Feb 2023 22:07:34 +0000
with message-id <e1pvge2-008lvw...@fasolo.debian.org>
and subject line Bug#1031871: fixed in qt6-base 6.4.2+dfsg-6
has caused the Debian Bug report #1031871,
regarding qt6-base: CVE-2023-24607
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1031871: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031871
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qt6-base
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qt6-base.

CVE-2023-24607[0]:
When using the Qt SQL ODBC driver plugin, it is possible to trigger a DoS
with a specifically crafted string.

https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d (6.4)


For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-24607
    https://www.cve.org/CVERecord?id=CVE-2023-24607

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: qt6-base
Source-Version: 6.4.2+dfsg-6
Done: Patrick Franz <delta...@debian.org>

We believe that the bug you reported is fixed in the latest version of
qt6-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1031...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Franz <delta...@debian.org> (supplier of updated qt6-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Feb 2023 22:31:24 +0100
Source: qt6-base
Architecture: source
Version: 6.4.2+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Patrick Franz <delta...@debian.org>
Closes: 1031871
Changes:
 qt6-base (6.4.2+dfsg-6) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Add patch to fix CVE-2023-24607 (Closes: #1031871).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
