Your message dated Thu, 27 Jul 2023 21:10:14 +0000
with message-id <e1qp8fs-00blbm...@fasolo.debian.org>
and subject line Bug#1041105: fixed in qtbase-opensource-src 5.15.10+dfsg-3
has caused the Debian Bug report #1041105,
regarding qtbase-opensource-src: CVE-2023-38197
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1041105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041105
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qtbase-opensource-src
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qtbase-opensource-src.
CVE-2023-38197[0]:
| An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and
| 6.3.x through 6.5.x before 6.5.3. There are infinite loops in
| recursive entity expansion.
https://codereview.qt-project.org/c/qt/qtbase/+/488960
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-38197
https://www.cve.org/CVERecord?id=CVE-2023-38197
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: qtbase-opensource-src
Source-Version: 5.15.10+dfsg-3
Done: Dmitry Shachnev <mity...@debian.org>
We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1041...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dmitry Shachnev <mity...@debian.org> (supplier of updated qtbase-opensource-src package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Jul 2023 23:01:32 +0300
Source: qtbase-opensource-src
Architecture: source
Version: 5.15.10+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mity...@debian.org>
Closes: 1041105
Changes:
 qtbase-opensource-src (5.15.10+dfsg-3) unstable; urgency=medium
 .
   [ Pino Toscano ]
   * Drop the support for the dead GNU/kFreeBSD:
     - drop the patches gnukfreebsd.diff, and nonlinux_utime.diff, as they only
       apply changes to that OS
     - drop installed files added by them
     - drop the kfreebsd-any qualifiers from the firebird-dev, and libgbm-dev
       build dependencies
     - drop the kfreebsd-any qualifiers from binary packages
     - drop the kfreebsd-any qualifiers in install files
     - drop the kfreebsd qualifiers in symbols files
   * More changes to symbols files:
     - set a symbol as linux-any, as it is Linux-specific
     - drop mips, and powerpcspe qualifiers, as those architectures are long
       dead
   * Remove 2 obsolete maintscript entries in 2 files.
 .
   [ Dmitry Shachnev ]
   * Backport upstream patches to make QXmlStreamReaderPrivate::fastScanName
     indicate parsing status to callers (CVE-2023-37369).
   * Backport upstream patch to make QXmlStreamReader raise error on unexpected
     tokens (CVE-2023-38197, closes: #1041105).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---