Your message dated Mon, 27 Feb 2023 09:08:05 +0000 with message-id <e1pwzul-003vpg...@fasolo.debian.org> and subject line Bug#1031872: fixed in qtbase-opensource-src 5.15.8+dfsg-3 has caused the Debian Bug report #1031872, regarding qtbase-opensource-src: CVE-2023-24607 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1031872: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031872 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: qtbase-opensource-src X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src. CVE-2023-24607[0]: When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically crafted string https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-24607 https://www.cve.org/CVERecord?id=CVE-2023-24607 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: qtbase-opensource-src Source-Version: 5.15.8+dfsg-3 Done: Dmitry Shachnev <mity...@debian.org> We believe that the bug you reported is fixed in the latest version of qtbase-opensource-src, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1031...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dmitry Shachnev <mity...@debian.org> (supplier of updated qtbase-opensource-src package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Feb 2023 11:28:53 +0300 Source: qtbase-opensource-src Architecture: source Version: 5.15.8+dfsg-3 Distribution: unstable Urgency: medium Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Changed-By: Dmitry Shachnev <mity...@debian.org> Closes: 1031872 Changes: qtbase-opensource-src (5.15.8+dfsg-3) unstable; urgency=medium . * Use ${DEB_HOST_GNU_TYPE} substitution in debian/qt5-qmake.install. * Add upstream patch to fix denial-of-service in Qt SQL ODBC plugin (CVE-2023-24607, closes: #1031872). * Update debian/libqt5gui5.symbols from s390x build log. * Amend image_deletion_order.diff from one more upstream commit. Checksums-Sha1: 79cbc416c6b8e21dc143fad767af2e0b6a54be13 5430 qtbase-opensource-src_5.15.8+dfsg-3.dsc bf02b827043f61b253797e14c9d5d7ee4c805a80 230404 qtbase-opensource-src_5.15.8+dfsg-3.debian.tar.xz a8b7862596196c6e3e312883af11603d3be20515 15488 qtbase-opensource-src_5.15.8+dfsg-3_source.buildinfo Checksums-Sha256: 05e560b29235d8d737039ef277bceeb0ae94ca1240d42c805490ed6de5e13bd5 5430 qtbase-opensource-src_5.15.8+dfsg-3.dsc 15632f8fc4eb4a9fc7ad017d879f4c6d552c4cbd716450fcb366a360b0395430 230404 qtbase-opensource-src_5.15.8+dfsg-3.debian.tar.xz c6b3689a3d6c5034cd26a96ca009a3b30d1e1e7426a27439896d7e937eb4f444 15488 qtbase-opensource-src_5.15.8+dfsg-3_source.buildinfo Files: c45502cc8c95de3e4f3194a115676ddc 5430 libs optional qtbase-opensource-src_5.15.8+dfsg-3.dsc ea61279cd46fa3ca3ff4ed120411f1f0 230404 libs optional qtbase-opensource-src_5.15.8+dfsg-3.debian.tar.xz 2b1188b143dba4f1c41a5158fc6a388b 15488 libs optional qtbase-opensource-src_5.15.8+dfsg-3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEE5688gqe4PSusUZcLZkYmW1hrg8sFAmP8atgTHG1pdHlhNTdA ZGViaWFuLm9yZwAKCRBmRiZbWGuDy13JD/9rN617jXUd+WbXoaI/R95DcW9ivaxR XWtrPTXcr26bmROnviNBaFDNpT3hNXsPxio96MPgmNQPFrj7PbgP81vFsMW1lqhF dfd+ATj0FSWTpdiYgTOLj74vDHF9LFK/+7VmJV2rS+vWt7DyoYtf59pzasd6/N6Y FYMBlLFPkVEHAML3+G8tOC/wTyVd4cBjV7iCCgYm8zL+v+s8ov39EbB9NxLo92BG gw8QBo8RuSucxeUsbbXXIRoc2e3Krkzbpjl2hXT04E22Subg6DuqUZ7uWnpGf/lg 9rN3mxgLMJRObWIFGBDfVWlI2kMAbsQlrqPbS9Hbceg3cH0kw+muYOW9manpuku1 V67t2N4/7cSYOL/ZR7AghqHAqYnNkdBA7Nbvlp8iPqH5UbET3R1N3dYp5EO9tGw0 mXvCCTXjbRfaXragnvg2P5yx7rGwLHiyLWhntIrW4ad+Oy41EbuqktXDYnWP0DgM MDr7P/6CnIQc0+A+5C3e/Lz2yeRFRxj743FyItqYWvAocZB4e/sfpb5h4ekd8ghJ dtXnzpC1IU+SBBU6kpjE6H5ig9o1wwQrGXVcd49bNZ/Kg8uRE7acxk/Wu0q6Di3D deZN42tviphbtgXFOrSUsG0X7OGj2f+ckmyr7Kq1b/BJsoeFLnEAVc+FQBXYSCEJ YzEGz7A/SpHnmw== =eCxB -----END PGP SIGNATURE-----
--- End Message ---
