Your message dated Wed, 16 Apr 2025 19:52:02 +0000
with message-id <e1u58ni-00eh6z...@fasolo.debian.org>
and subject line Bug#1103022: fixed in qt6-base 6.8.2+dfsg-6
has caused the Debian Bug report #1103022,
regarding qt6-base: CVE-2025-3512
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1103022: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103022
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qt6-base
Version: 6.8.2+dfsg-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for qt6-base.
CVE-2025-3512[0]:
| There is a Heap-based Buffer Overflow vulnerability in
| QTextMarkdownImporter. This requires an incorrectly formatted
| markdown file to be passed to QTextMarkdownImporter to trigger the
| overflow. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to
| 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-3512
https://www.cve.org/CVERecord?id=CVE-2025-3512
[1] https://codereview.qt-project.org/c/qt/qtbase/+/635546
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qt6-base
Source-Version: 6.8.2+dfsg-6
Done: Patrick Franz <delta...@debian.org>
We believe that the bug you reported is fixed in the latest version of
qt6-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1103...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Franz <delta...@debian.org> (supplier of updated qt6-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 16 Apr 2025 21:33:04 +0200
Source: qt6-base
Architecture: source
Version: 6.8.2+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Patrick Franz <delta...@debian.org>
Closes: 1095836 1103022
Changes:
qt6-base (6.8.2+dfsg-6) unstable; urgency=medium
.
[ Patrick Franz ]
* Backport patch to fix issue when configuring Plasma to have multiple
Notification widgets, fixes QTBUG-134210.
* Backport patch to fix CVE-2025-3512 (Closes: #1103022).
* Let qt6-gtk-platformtheme depend on gnome-themes-extra-data to fix
issue with dark themes (Closes: #1095836).
.
[ Pino Toscano ]
* Bump Standards-Version to 4.7.2, no changes required.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---