Your message dated Fri, 09 Jan 2026 21:07:07 +0000
with message-id <[email protected]>
and subject line Bug#1122056: fixed in qtdeclarative-opensource-src-gles
5.15.18+dfsg-1
has caused the Debian Bug report #1122056,
regarding qtdeclarative-opensource-src-gles: CVE-2025-12385
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1122056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122056
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qt6-declarative
Version: 6.9.2+dfsg-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2 -3
Control: reassign -2 src:qtdeclarative-opensource-src 5.15.17+dfsg-3
Control: retitle -2 qtdeclarative-opensource-src: CVE-2025-12385
Control: reassign -3 src:qtdeclarative-opensource-src-gles 5.15.17+dfsg-2
Control: retitle -3 qtdeclarative-opensource-src-gles: CVE-2025-12385
Hi,
The following vulnerability was published for QT.
CVE-2025-12385[0]:
| Allocation of Resources Without Limits or Throttling, Improper
| Validation of Specified Quantity in Input vulnerability in The Qt
| Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit,
| 32 bit allows Excessive Allocation. This issue affects users of the
| Text component in Qt Quick. Missing validation of the width and
| height in the <img> tag could cause an application to become
| unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10,
| from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-12385
https://www.cve.org/CVERecord?id=CVE-2025-12385
[1] https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239
https://codereview.qt-project.org/c/qt/qtdeclarative/+/687766
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qtdeclarative-opensource-src-gles
Source-Version: 5.15.18+dfsg-1
Done: Dmitry Shachnev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
qtdeclarative-opensource-src-gles, which is due to be installed in the Debian
FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dmitry Shachnev <[email protected]> (supplier of updated
qtdeclarative-opensource-src-gles package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 09 Jan 2026 23:43:24 +0300
Source: qtdeclarative-opensource-src-gles
Architecture: source
Version: 5.15.18+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <[email protected]>
Changed-By: Dmitry Shachnev <[email protected]>
Closes: 1122056
Changes:
qtdeclarative-opensource-src-gles (5.15.18+dfsg-1) experimental; urgency=medium
.
* Merge qtdeclarative-opensource-src 5.15.18+dfsg-2 upload.
- Fixes CVE-2025-12385 (closes: #1122056).
* Bump Qt build-dependencies to 5.15.18.
Checksums-Sha1:
8afe16dd727c0db1df3e14e37964fd7e361d4363 2623
qtdeclarative-opensource-src-gles_5.15.18+dfsg-1.dsc
d993149021d819d6ddfbd1f7793ea7c74c6d1822 21700236
qtdeclarative-opensource-src-gles_5.15.18+dfsg.orig.tar.xz
2c87be0890a994b49c05fe60a53166a950c4cf01 43900
qtdeclarative-opensource-src-gles_5.15.18+dfsg-1.debian.tar.xz
e8e1f66da5dac6c1127f642debaecb447c4d4d10 9531
qtdeclarative-opensource-src-gles_5.15.18+dfsg-1_source.buildinfo
Checksums-Sha256:
cad77fcba33cee32bf2028b935d17bf55754204e3b3ee5dbc3b1a8fb68c849ee 2623
qtdeclarative-opensource-src-gles_5.15.18+dfsg-1.dsc
e6e721176c4fd8e07efd859197cd2771bfa8718a70d2613c32529fdbb556418e 21700236
qtdeclarative-opensource-src-gles_5.15.18+dfsg.orig.tar.xz
112391b72a7379262108e5cc2b0377701e6a4887eb89dcecaa136ddd99ef206d 43900
qtdeclarative-opensource-src-gles_5.15.18+dfsg-1.debian.tar.xz
55e798f0f7ebdd88ec20d77ad626c0bba4b655b8781c7e350349285ca74ee5bc 9531
qtdeclarative-opensource-src-gles_5.15.18+dfsg-1_source.buildinfo
Files:
82e23ac70b006d2c4b30d4b1f79550ff 2623 libs optional
qtdeclarative-opensource-src-gles_5.15.18+dfsg-1.dsc
100c106564e1b2817d8054015bd2f3f2 21700236 libs optional
qtdeclarative-opensource-src-gles_5.15.18+dfsg.orig.tar.xz
f8327d0ca55f2b06a9a0d13a6ac16621 43900 libs optional
qtdeclarative-opensource-src-gles_5.15.18+dfsg-1.debian.tar.xz
1494d886aa5dcc6badc5f68b2dba7647 9531 libs optional
qtdeclarative-opensource-src-gles_5.15.18+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEE8kKZ/xu8kBi5BqTLYCaTbS8ciuAFAmlhaYwTHG1pdHlhNTdA
ZGViaWFuLm9yZwAKCRBgJpNtLxyK4IVzEACChi2qRoDs7KEOL5MYCBEcT1fI0qD+
8axqCFDS2+oqUVLLsrer8+SCRb2ChriShVmMfmyxCgpWl5mKokquz2GUwCyyGDHV
KpaS2hpIWr0EWLUyxmAUMKKOX0988+VrmjUX3jZRrcPm45Va6zSEc4foKOiTkLqy
zOl4MrMmAQujeK+VXESJf/H13U/jxknYFFaslTNytpPu6b88UcgBQAxRTxOV0/N0
5jxfnq2b2iR/FQwye5wNEQEUUtrnbUkRMG3szfk4dBOwc0CKx5YNsQPtEPkxgPh5
cx/OAx73Y8+Pl3/kPR9wI8MPtCBCZASyAfkLJEKW9r03Hqp81D0lcEpOHc0VPClK
bPL1AkaakLcKIInMMrlSbqzGVU9lUhR96QThOzltQ6UJ1G6zzTa5Sg/ghgvbIOv3
lh+FNKghEY8GkbWkQNY5FPl9bsjXh8Xxy9RhXp/3/OCLdK92/YtiuMAP6Eu4L2Jw
y9QBKhrh9HUHoy5T+2XEiYiBkV6FfAALyi5VhSyp62oWsUOpXQEqrqUMLkPimfwg
6yOKbshS8eaCg9h/Q8xxRB4b+d5YbS/GRqhiAc51hlX6x/eeO4DjGCyNyhVtAYiF
7/ainq/wczht7ublSlzTDUsq7aX9zxNlcufHNUMCAVpi8qI/A7s8ojufTYUKFdMT
Nh/2sNR+WprX4g==
=/Lj4
-----END PGP SIGNATURE-----
pgpdyeYMHQMgo.pgp
Description: PGP signature
--- End Message ---
