qtnetworkauth-everywhere-src_5.15.13-3_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 31 May 2024 09:34:41 +0300 Source: qtnetworkauth-everywhere-src Architecture: source Version: 5.15.13-3 Distribution: unstable Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Dmitry Shachnev Closes: 1071974 Changes: qtnetworkauth-everywhere-src (5.15.13-3) unstable; urgency=medium . * Backport upstream patch to fix data race and poor seeding in generateRandomString() (closes: #1071974, CVE-2024-36048). - Add one new symbol to debian/libqt5networkauth5.symbols. Checksums-Sha1: 1f9a38caa6b98f0e1694c650edaed601a2caf6e4 2902 qtnetworkauth-everywhere-src_5.15.13-3.dsc d26c05fe5f74d987bf3d068fbb7a2d5f76b4d179 9432 qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz e488bc90bd836bd1e0fc0ad3416e0a8a4edb4605 11872 qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo Checksums-Sha256: f3748ba8fbc5d976b3558f56eeea5782f145db3f4ebeeef9afdc2512b91c8087 2902 qtnetworkauth-everywhere-src_5.15.13-3.dsc 7cc912946d198c215e18eb2594a69f576ff83f44e77d64c51254605c3f0ca70b 9432 qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz e045b642751013634be4e81215871fcce541798f24eb3d70041f36af8adb5430 11872 qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo Files: 1dbb8038380e4384b8bbf048fb1402bb 2902 libs optional qtnetworkauth-everywhere-src_5.15.13-3.dsc 60f1b8723d229621ed7a81e251fb5421 9432 libs optional qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz 975717f4c3c823cdb2af0422a154ddc5 11872 libs optional qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo -BEGIN PGP SIGNATURE- iQJHBAEBCgAxFiEEq2sdvrA0LydXHe1qsmYUtFL0RrYFAmZZb6ETHG1pdHlhNTdA ZGViaWFuLm9yZwAKCRCyZhS0UvRGtvX2D/4wjm5UR3zhreVGNNrtJ+38SAwWctJa BUxwhBtnZq64BJLrgTmqJdYRcBQYEwVOwhCxn3vKkEng39mzvS+P/Mcpzy4ko4/S 8wESQcUZywrcoT6CqS4521WdzMchmmc0YE+O/9uWewzt9Addt0lUy3mafJ7DXjgX 1a4QcJ0U9JPImDHKy7aaSkxuvRPfOq4GNFbtusqbIZTKps8UPmJlsIrmSw1TgtQc /hjortzX5SDVhXj5IgIki++TfiFfids9RJ/rPWUDBjopAHeedLvHZZPZaO+G0rLQ l7/kksHr3ypNEfiePLMb9ByStWXmcejpDNBO4QQzwWuj2d8kTm16wZuXk6UQgaxm 1xgF3t52axosOhkxdPbDgWkr1NkezZi4j82PFAexs5ghyu3I1oqpAPMH6ZBPLqSA 6vdEcWY8RW5AoLgaSWb5kznFtPhvU2Z6IBOykUbcKYuvCWGPeRBsPnfnXU2YglLy obA21USLSWldBDPN6gw0XPoM0z2apjuCqwB1F7vyht4UKRlJX2xOJ6urAUNTXA1P pgoVRhw8G0HDD/s/1EuaKwlWEJXXRG++i1ie0EgA59kDueCJHsWnPm5FEawV6gWN w4l46t3PlSpgnABTkgWE018e0tOfsUmEgh6agNNk/R2Y9M+ffeKJDGEhS5kfp9MT QAagdw70LlMhPw== =NE0B -END PGP SIGNATURE- pgpz7ok2qy3aS.pgp Description: PGP signature
Processing of qtnetworkauth-everywhere-src_5.15.13-3_source.changes
qtnetworkauth-everywhere-src_5.15.13-3_source.changes uploaded successfully to localhost along with the files: qtnetworkauth-everywhere-src_5.15.13-3.dsc qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#1071974: marked as done (qtnetworkauth-everywhere-src: CVE-2024-36048)
Your message dated Fri, 31 May 2024 07:05:10 + with message-id and subject line Bug#1071974: fixed in qtnetworkauth-everywhere-src 5.15.13-3 has caused the Debian Bug report #1071974, regarding qtnetworkauth-everywhere-src: CVE-2024-36048 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1071974: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071974 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: qt6-networkauth Version: 6.4.2-5 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: clone -1 -2 Control: reassign -2 src:qtnetworkauth-everywhere-src 5.15.13-2 Control: retitle -2 qtnetworkauth-everywhere-src: CVE-2024-36048 Hi, The following vulnerability was published for QAbstractOAuth. CVE-2024-36048[0]: | QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x | before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through | 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may | result in guessable values. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-36048 https://www.cve.org/CVERecord?id=CVE-2024-36048 [1] https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 [2] https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: qtnetworkauth-everywhere-src Source-Version: 5.15.13-3 Done: Dmitry Shachnev We believe that the bug you reported is fixed in the latest version of qtnetworkauth-everywhere-src, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1071...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dmitry Shachnev (supplier of updated qtnetworkauth-everywhere-src package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 31 May 2024 09:34:41 +0300 Source: qtnetworkauth-everywhere-src Architecture: source Version: 5.15.13-3 Distribution: unstable Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Dmitry Shachnev Closes: 1071974 Changes: qtnetworkauth-everywhere-src (5.15.13-3) unstable; urgency=medium . * Backport upstream patch to fix data race and poor seeding in generateRandomString() (closes: #1071974, CVE-2024-36048). - Add one new symbol to debian/libqt5networkauth5.symbols. Checksums-Sha1: 1f9a38caa6b98f0e1694c650edaed601a2caf6e4 2902 qtnetworkauth-everywhere-src_5.15.13-3.dsc d26c05fe5f74d987bf3d068fbb7a2d5f76b4d179 9432 qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz e488bc90bd836bd1e0fc0ad3416e0a8a4edb4605 11872 qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo Checksums-Sha256: f3748ba8fbc5d976b3558f56eeea5782f145db3f4ebeeef9afdc2512b91c8087 2902 qtnetworkauth-everywhere-src_5.15.13-3.dsc 7cc912946d198c215e18eb2594a69f576ff83f44e77d64c51254605c3f0ca70b 9432 qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz e045b642751013634be4e81215871fcce541798f24eb3d70041f36af8adb5430 11872 qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo Files: 1dbb8038380e4384b8bbf048fb1402bb 2902 libs optional qtnetworkauth-everywhere-src_5.15.13-3.dsc 60f1b8723d229621ed7a81e251fb5421 9432 libs optional qtnetworkauth-everywhere-src_5.15.13-3.debian.tar.xz 975717f4c3c823cdb2af0422a154ddc5 11872 libs optional qtnetworkauth-everywhere-src_5.15.13-3_source.buildinfo -BEGIN PGP SIGNATURE- iQJHBAEBCgAxFiEEq2sdvrA0LydXHe1qsmYUtFL0RrYFAmZZb6ETHG1pdHlhNTdA ZGViaWFuLm9yZwAKCRCyZhS0UvRGtvX2D/4wjm5UR3zhreVGNNrtJ+38SAwWctJa BUxwhBtnZq64BJLrgTmqJdYRcBQYEwVOwhCxn3vKkEng39mzvS+P/Mcpzy4ko4/S 8wESQcUZywrcoT6CqS4521WdzMchmmc0YE+O/9uWewzt9Addt0lUy3mafJ7DXjgX 1a4QcJ0U9JPImDHKy7aaSkxuvRPfOq4GNFbtusqbIZTKps8UPmJlsIrmSw1TgtQc /hjortzX5SDVhXj5IgIki++TfiFfids9RJ/rPWUDBjopAHeedLvHZZPZaO+G0rLQ l7/kksHr3ypNEfiePLMb9ByStWXmcejpDNBO4QQzwWuj2d8kTm16wZuXk6UQgaxm 1xgF3t52axosOhkxdPbDgWkr1NkezZi4j82PFAexs5ghyu3I1oqpAPMH6ZBPLqSA 6vdEcWY8RW5AoLgaSWb5
Bug#1072277: kleopatra: Searches for libassuan with libassuan-config
Source: kleopatra Version: 4:22.12.3-2 Severity: important User: ametz...@debian.org Usertags: libassuan-config-removal kleopatra relies on libassuan-config to locate libassuan. libassuan-config is scheduled for removal and will be dropped in the next major libassuan release. Please use pkg-config/pkgconf instead. You can verify your fix by rebuilding after diverting libassuan-config like this dpkg-divert --rename --divert /usr/bin/libassuan-config-disabled --add /usr/bin/libassuan-config # divert on This change can be reverted with dpkg-divert --rename --remove /usr/bin/libassuan-config cu Andreas
plasma-workspace_5.27.11.1-1_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 31 May 2024 16:54:34 +0200 Source: plasma-workspace Architecture: source Version: 4:5.27.11.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Patrick Franz Changes: plasma-workspace (4:5.27.11.1-1) unstable; urgency=medium . [ Patrick Franz ] * New upstream release 5.27.11.1, fixes CVE-2024-36041. * Build-depend on pkgconf instead of pkg-config as the latter has been superseded by the former. Checksums-Sha1: d88bd7f64779a4a2b165db719ead3caafa33ef70 5967 plasma-workspace_5.27.11.1-1.dsc 9424de684f3c32aaf46949903e5b0d00034dc31b 19490624 plasma-workspace_5.27.11.1.orig.tar.xz f03bb7162549bf7e747d0ceade0b14307d041b17 833 plasma-workspace_5.27.11.1.orig.tar.xz.asc a23a4cc38983ed2fe3ce03e6cfe76c61a589c5f6 55196 plasma-workspace_5.27.11.1-1.debian.tar.xz 0a4205b891947ff10de0cae32a064c78c4213521 22323 plasma-workspace_5.27.11.1-1_source.buildinfo Checksums-Sha256: 34ddc06978fa9a4f28846e3e780903fefe0e326812016ae0e73ee5220484ce48 5967 plasma-workspace_5.27.11.1-1.dsc c742428daa957c57c4039aa015a3e6fb7e78b55bf5802b38d3b5ac7acf472bae 19490624 plasma-workspace_5.27.11.1.orig.tar.xz db2d467346470d6ce238569f28190e2ce59ba17e1198213732827757c0f54dcd 833 plasma-workspace_5.27.11.1.orig.tar.xz.asc cde20474fc90388dc3a7f135abf68ba2887e3ee4e4633b0ce3c71e6718edd43b 55196 plasma-workspace_5.27.11.1-1.debian.tar.xz 726499022d6de776e25a7e03cb53ea65d1af10ccc5c951a770b6253cd2786214 22323 plasma-workspace_5.27.11.1-1_source.buildinfo Files: 7ac3b85389c8ef2c108e4cd7374d6254 5967 kde optional plasma-workspace_5.27.11.1-1.dsc f86c78468e216e5c8ce3209c9778eafe 19490624 kde optional plasma-workspace_5.27.11.1.orig.tar.xz f8eb08bf82e0a321541cd6a7caf5e5e9 833 kde optional plasma-workspace_5.27.11.1.orig.tar.xz.asc 107663042fc94f237ef1b48490d5b2be 55196 kde optional plasma-workspace_5.27.11.1-1.debian.tar.xz f5b04c1dd52819a8ba4219c5cb455dac 22323 kde optional plasma-workspace_5.27.11.1-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEYodBXDR68cxZHu3Knp96YDB3/lYFAmZZ5LsACgkQnp96YDB3 /lZ3uxAAuBm6IERDGaLHfKVTRAmJN1MjL4MxBxhMY18uHXGv+T/C9EqsmhfrROjm KavMU49/0uwdfdTJVKQzd/oUbSh0z5LhV82ZpB2pAncQK3/m957ndMpq0edFdfvF rlBVuvbYtdqZPDhU9bhI+wHCnGdKuq8+MiK1zFf8horYhQXzfdDEoxbpGnCV+M5H mFv8iMTQKFsdNvVNqlDqk/OsZD9R7LBUcoN0NJYhym3nrUZ2aOwuGnDeGidxZtmk YRlKl0JN2pz+GY7uM5CQY8kOoqzZJi7RUM7lIWkCKByr4EI5T9OgM0MVrIPEansx 1wIfvqkDcVI5cHZMC6OLtjK3WQVUA4PrsX+nmsz2yYJoZxb0VC/pmNfy1vkdqYG0 k+7RvvHEtai9lyCol1xYRaLEkGnSw76JgMGivItkbMV0Pr0LyA82CWT87W8UpJfd lwOWW1SDMeZnxTFep8ckCtiLfNbnu/+mYOTlWhigYpAuc2Bz7SsoDYxSzS4pYLVD ezH7tfwdPZssJgbZ+Zr/1JzGgbzi8z1g52Gapo9SO84aFXx0O92h5i4UkS8yQeOm CVRphGMnMVF4HDd6WX78tEDMIQ6d7XQTaqdbw/R1R6234CcvwWSrDVL6xogD25Z0 +eyqyKklKLRTytwVXyC8zK317HNkJDPARMFE1n0qd9fSxFIsGEw= =CXG4 -END PGP SIGNATURE- pgptHxFnqxCSS.pgp Description: PGP signature
Processing of plasma-workspace_5.27.11.1-1_source.changes
plasma-workspace_5.27.11.1-1_source.changes uploaded successfully to localhost along with the files: plasma-workspace_5.27.11.1-1.dsc plasma-workspace_5.27.11.1.orig.tar.xz plasma-workspace_5.27.11.1.orig.tar.xz.asc plasma-workspace_5.27.11.1-1.debian.tar.xz plasma-workspace_5.27.11.1-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Processing of qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1_source.changes
qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1_source.changes uploaded successfully to localhost along with the files: qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1.dsc qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1.debian.tar.xz qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1_source.changes ACCEPTED into stable-backports
Thank you for your contribution to Debian. Mapping bookworm-backports to stable-backports. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 31 May 2024 00:15:07 -0700 Source: qtwebengine-opensource-src Architecture: source Version: 5.15.16+dfsg-5~bpo12+1 Distribution: bookworm-backports Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Soren Stoutner Changes: qtwebengine-opensource-src (5.15.16+dfsg-5~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports. Checksums-Sha1: 2c86981596c0d2437ae61405d02df00a866836aa 5462 qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1.dsc b530cbbac8d726449e01f50c24a59b910cd2282e 244028 qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1.debian.tar.xz fc2724d6c51226487a728924e71160902c72a29c 38585 qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1_amd64.buildinfo Checksums-Sha256: 96e251dbf1343f9808ab8121833d6f2d1dd83a20ad54f9d88d387df10b3c52fd 5462 qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1.dsc b5869e381c3793db7d2aadfa374968ab2399f68989c17897b1131f3ab3c172d5 244028 qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1.debian.tar.xz 6e9fe9137b055032a654b93b7248142c0a201e47367c7e88cae282c3f4e081bf 38585 qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1_amd64.buildinfo Files: 89e3a0e894f5774dea450b3a4506642e 5462 libs optional qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1.dsc 88c71bf9050c45adb6763d1d7432a2c0 244028 libs optional qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1.debian.tar.xz 72322ea8ca7d5e98b4ee3b4153f9c272 38585 libs optional qtwebengine-opensource-src_5.15.16+dfsg-5~bpo12+1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmZaC7EACgkQwufLJ66w tgOlhg/6A4DJ7kWAZtAevG/cjn44RXm+weluseeBGd6n5t9//Oo5F3NN1ElqgB3U AddMkBpf2nfHpEIdmtsYICyBEPN3dewvsrm7OZRw3LazR2bPWWlX4Od9iTrJSCTN qs1hHyccXKQn04xeewKLzQ8AYF/X2IgbUUK7aW7rxI9jKXSs1KNHcxu+ckGq6pAj obp7XL/kFvQ/1YUyTsvpAprwqMMNFsWcZzVCu9/6F2AjqzxlR0LXmXjkRxPGARJc dzBpjzWLIsDxPoxWkYGd+PCTxZd/EgkAvev9ri9YOiBaIqhZwVgH9z4Qtv+Dz4Sw 5zfWwQ4wd7a1OjdXJNrmmgsTnIZ+YVDnmeH3ZZWy6/uMj4o9TQEQDtOQdGAIbwDh A3jFIx2WWdlerkYQ47IZbu7kckgeqyqGtUaG9Bu7BWMlXSlDtg6+KVySB/BUE7tN CB5WNFcPtXTSquLcl2VZwOj2+LVYb4jEFwQj5OLwNKJQNyyRMQfvp1RiCNv9Tm8I ZfvDot15e4oXofHzl9T7i7xI6pcfa7+AoJWzKqXldFy8tvMNbp/Y+px6YmdQnIC1 IGj7Le5sdDtqIqR+FTnSKn7MSDZX1MMa+2Twj4NppVk9dph9A5bLa4NqLROJhuoI 3GQnEdtPSB8tTaoWH1vVDuiwKuHdxRbFL/JeT9+siMh6DIPds3M= =6cIi -END PGP SIGNATURE- pgpa5qWOYdEl_.pgp Description: PGP signature
Bug#1072309: neochat: Depends: qml-module-org-kde-kirigami-addons-delegates but it is not installable
Package: neochat Version: 23.08.5-2 Severity: serious X-Debbugs-Cc: sramac...@debian.org The dependencies of neochat cannot be satisfied: $ apt install neochat ... Unsatisfied dependencies: neochat : Depends: qml-module-org-kde-kirigami-addons-delegates but it is not installable Depends: qml-module-org-kde-kirigami-addons-components but it is not installabl Cheers -- Sebastian Ramacher
