Your message dated Fri, 31 May 2024 07:05:10 +0000
with message-id <e1scwk6-007tzt...@fasolo.debian.org>
and subject line Bug#1071974: fixed in qtnetworkauth-everywhere-src 5.15.13-3
has caused the Debian Bug report #1071974,
regarding qtnetworkauth-everywhere-src: CVE-2024-36048
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1071974: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071974
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qt6-networkauth
Version: 6.4.2-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:qtnetworkauth-everywhere-src 5.15.13-2
Control: retitle -2 qtnetworkauth-everywhere-src: CVE-2024-36048
Hi,
The following vulnerability was published for QAbstractOAuth.
CVE-2024-36048[0]:
| QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x
| before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through
| 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may
| result in guessable values.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-36048
https://www.cve.org/CVERecord?id=CVE-2024-36048
[1] https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
[2] https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qtnetworkauth-everywhere-src
Source-Version: 5.15.13-3
Done: Dmitry Shachnev <mity...@debian.org>
We believe that the bug you reported is fixed in the latest version of
qtnetworkauth-everywhere-src, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dmitry Shachnev <mity...@debian.org> (supplier of updated
qtnetworkauth-everywhere-src package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 31 May 2024 09:34:41 +0300
Source: qtnetworkauth-everywhere-src
Architecture: source
Version: 5.15.13-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mity...@debian.org>
Closes: 1071974
Changes:
qtnetworkauth-everywhere-src (5.15.13-3) unstable; urgency=medium
.
* Backport upstream patch to fix data race and poor seeding in
generateRandomString() (closes: #1071974, CVE-2024-36048).
- Add one new symbol to debian/libqt5networkauth5.symbols.
Checksums-Sha1:
1f9a38caa6b98f0e1694c650edaed601a2caf6e4 2902
qtnetworkauth-everywhere-src_5.15.13-3.dsc
d26c05fe5f74d987bf3d068fbb7a2d5f76b4d179 9432
qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz
e488bc90bd836bd1e0fc0ad3416e0a8a4edb4605 11872
qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo
Checksums-Sha256:
f3748ba8fbc5d976b3558f56eeea5782f145db3f4ebeeef9afdc2512b91c8087 2902
qtnetworkauth-everywhere-src_5.15.13-3.dsc
7cc912946d198c215e18eb2594a69f576ff83f44e77d64c51254605c3f0ca70b 9432
qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz
e045b642751013634be4e81215871fcce541798f24eb3d70041f36af8adb5430 11872
qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo
Files:
1dbb8038380e4384b8bbf048fb1402bb 2902 libs optional
qtnetworkauth-everywhere-src_5.15.13-3.dsc
60f1b8723d229621ed7a81e251fb5421 9432 libs optional
qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz
975717f4c3c823cdb2af0422a154ddc5 11872 libs optional
qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEEq2sdvrA0LydXHe1qsmYUtFL0RrYFAmZZb6ETHG1pdHlhNTdA
ZGViaWFuLm9yZwAKCRCyZhS0UvRGtvX2D/4wjm5UR3zhreVGNNrtJ+38SAwWctJa
BUxwhBtnZq64BJLrgTmqJdYRcBQYEwVOwhCxn3vKkEng39mzvS+P/Mcpzy4ko4/S
8wESQcUZywrcoT6CqS4521WdzMchmmc0YE+O/9uWewzt9Addt0lUy3mafJ7DXjgX
1a4QcJ0U9JPImDHKy7aaSkxuvRPfOq4GNFbtusqbIZTKps8UPmJlsIrmSw1TgtQc
/hjortzX5SDVhXj5IgIki++TfiFfids9RJ/rPWUDBjopAHeedLvHZZPZaO+G0rLQ
l7/kksHr3ypNEfiePLMb9ByStWXmcejpDNBO4QQzwWuj2d8kTm16wZuXk6UQgaxm
1xgF3t52axosOhkxdPbDgWkr1NkezZi4j82PFAexs5ghyu3I1oqpAPMH6ZBPLqSA
6vdEcWY8RW5AoLgaSWb5kznFtPhvU2Z6IBOykUbcKYuvCWGPeRBsPnfnXU2YglLy
obA21USLSWldBDPN6gw0XPoM0z2apjuCqwB1F7vyht4UKRlJX2xOJ6urAUNTXA1P
pgoVRhw8G0HDD/s/1EuaKwlWEJXXRG++i1ie0EgA59kDueCJHsWnPm5FEawV6gWN
w4l46t3PlSpgnABTkgWE018e0tOfsUmEgh6agNNk/R2Y9M+ffeKJDGEhS5kfp9MT
QAagdw70LlMhPw==
=NE0B
-----END PGP SIGNATURE-----
pgpLIQeckgSvN.pgp
Description: PGP signature
--- End Message ---
