Bug#1093882: qtconnectivity-opensource-src: CVE-2025-23050

2025-01-23 Thread Moritz Mühlenhoff
Source: qtconnectivity-opensource-src X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtconnectivity-opensource-src. CVE-2025-23050[0]: https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux Patch for Qt

Bug#1077544: qtbase-opensource-src-gles: CVE-2024-39936

2024-07-29 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src-gles X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src-gles. CVE-2024-39936[0]: | An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before | 6.2.13, 6.3.x throug

Re: Debdiffs for CVE-2024-36041/plasma-workspace

2024-06-27 Thread Moritz Mühlenhoff
On Fri, Jun 21, 2024 at 11:01:33PM +0300, Adrian Bunk wrote: > Hi, > > attached are debdiffs for CVE-2024-36041/plasma-workspace. DSA has been released, thanks! Cheers, Moritz

Re: Debdiffs for CVE-2024-36041/plasma-workspace

2024-06-25 Thread Moritz Mühlenhoff
On Fri, Jun 21, 2024 at 11:01:33PM +0300, Adrian Bunk wrote: > Hi, > > attached are debdiffs for CVE-2024-36041/plasma-workspace. Thanks! Please upload to security-master. Cheers, Moritz

Bug#1068454: qt6-base: CVE-2024-30161

2024-04-05 Thread Moritz Mühlenhoff
Source: qt6-base X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qt6-base. CVE-2024-30161[0]: | In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may | access QNetworkReply header data via a dangling pointer.

Bug#1064063: plasma-workspace: CVE-2024-1433

2024-02-16 Thread Moritz Mühlenhoff
Source: plasma-workspace X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for plasma-workspace. CVE-2024-1433[0]: | A vulnerability, which was classified as problematic, was found in | KDE Plasma Workspace up to 5.93.0. This

Bug#1064054: qtbase-opensource-src-gles: CVE-2024-25580

2024-02-16 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src-gles X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src-gles. CVE-2024-25580[0]: https://bugzilla.redhat.com/show_bug.cgi?id=2264423 https://download.qt.io/official_releas

Bug#1064053: qtbase-opensource-src: CVE-2024-25580

2024-02-16 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src. CVE-2024-25580[0]: https://bugzilla.redhat.com/show_bug.cgi?id=2264423 https://download.qt.io/official_releases/qt/5.15

Bug#1064052: qt6-base: CVE-2024-25580

2024-02-16 Thread Moritz Mühlenhoff
Source: qt6-base X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qt6-base. CVE-2024-25580[0]: https://bugzilla.redhat.com/show_bug.cgi?id=2264423 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=28ecb523ce8490bff38b251b3

Bug#1060695: qtbase-opensource-src-gles: CVE-2023-51714

2024-01-12 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src-gles X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src-gles. CVE-2023-51714[0]: | An issue was discovered in the HTTP2 implementation in Qt before | 5.15.17, 6.x before 6

Bug#1060694: qtbase-opensource-src: CVE-2023-51714

2024-01-12 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src. CVE-2023-51714[0]: | An issue was discovered in the HTTP2 implementation in Qt before | 5.15.17, 6.x before 6.2.11, 6.3

Bug#1060693: qt6-base: CVE-2023-51714

2024-01-12 Thread Moritz Mühlenhoff
Source: qt6-base X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qt6-base. CVE-2023-51714[0]: | An issue was discovered in the HTTP2 implementation in Qt before | 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.

Bug#1059302: qt6-base: CVE-2023-37369

2023-12-22 Thread Moritz Mühlenhoff
Source: qt6-base X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qt6-base. CVE-2023-37369[0]: | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x | before 6.5.2, there can be an application crash in QXmlStr

Bug#1041106: qtbase-opensource-src-gles: CVE-2023-38197

2023-07-14 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src-gles X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src-gles. CVE-2023-38197[0]: | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and | 6.3.x through 6.5

Bug#1041105: qtbase-opensource-src: CVE-2023-38197

2023-07-14 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src. CVE-2023-38197[0]: | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and | 6.3.x through 6.5.x before

Bug#1041104: qt6-base: CVE-2023-38197

2023-07-14 Thread Moritz Mühlenhoff
Source: qt6-base X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qt6-base. CVE-2023-38197[0]: | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and | 6.3.x through 6.5.x before 6.5.3. There are infinite

Bug#1036702: qtbase-opensource-src-gles: CVE-2023-32762

2023-05-24 Thread Moritz Mühlenhoff
On Wed, May 24, 2023 at 03:50:06PM +0200, Moritz Mühlenhoff wrote: > Source: qtbase-opensource-src-gles > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerability was published for qtbase-opensource-src-gle

Bug#1036702: qtbase-opensource-src-gles: CVE-2023-32762

2023-05-24 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src-gles X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src-gles. CVE-2023-32762[0]: https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305 Per IRC thus

Bug#1031873: qtbase-opensource-src-gles: CVE-2023-24607

2023-02-24 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src-gles X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src-gles. CVE-2023-24607[0]: When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a spe

Bug#1031872: qtbase-opensource-src: CVE-2023-24607

2023-02-24 Thread Moritz Mühlenhoff
Source: qtbase-opensource-src X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qtbase-opensource-src. CVE-2023-24607[0]: When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically

Bug#1031871: qt6-base: CVE-2023-24607

2023-02-24 Thread Moritz Mühlenhoff
Source: qt6-base X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qt6-base. CVE-2023-24607[0]: When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically crafted string https://ww

Bug#990527: kimageformats: CVE-2021-36083

2021-07-01 Thread Moritz Mühlenhoff
Source: kimageformats X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for kimageformats. CVE-2021-36083[0]: | KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer | overflow in XCFImageFormat::loadTileRLE. https://b

Bug#875087: [phonon-backend-gstreamer] Future Qt4 removal from Buster

2019-08-29 Thread Moritz Mühlenhoff
On Sat, Sep 09, 2017 at 10:18:38PM +0200, Lisandro Damián Nicanor Pérez Meyer wrote: > Source: phonon-backend-gstreamer > Version: 4:4.9.0-1 > Severity: wishlist > User: debian-qt-kde@lists.debian.org > Usertags: qt4-removal > > > Hi! As you might know we the Qt/KDE team are preparing to remove

Bug#875092: [polkit-qt-1] Future Qt4 removal from Buster

2019-08-28 Thread Moritz Mühlenhoff
On Sat, Sep 09, 2017 at 10:19:00PM +0200, Lisandro Damián Nicanor Pérez Meyer wrote: > Source: polkit-qt-1 > Usertags: qt4-removal With the removal of src:kde4libs, the Qt4 packages can now go away, patch attached. Cheers, Moritz diff -Naur polkit-qt-1-0.112.0.orig/debian/control polkit

Bug#875130: [qimageblitz] Future Qt4 removal from Buster

2019-08-26 Thread Moritz Mühlenhoff
On Sat, Sep 09, 2017 at 11:01:46PM +0200, Lisandro Damián Nicanor Pérez Meyer wrote: > Source: qimageblitz > Version: 1:0.0.6-5 > Severity: wishlist > User: debian-qt-kde@lists.debian.org > Usertags: qt4-removal > > > Hi! As you might know we the Qt/KDE team are preparing to remove Qt4 > as [ann

Bug#874908: [grantlee] Future Qt4 removal from Buster

2019-08-23 Thread Moritz Mühlenhoff
On Sun, Jul 07, 2019 at 11:40:59AM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > Hi Moritz! > > On Fri, 5 Jul 2019 at 15:33, Moritz Mühlenhoff wrote: > > > > On Sat, Sep 09, 2017 at 09:05:49PM +0200, Lisandro Damián Nicanor Pérez > > Meyer wrote: > >

Bug#934267: kconfig: CVE-2019-14744

2019-08-08 Thread Moritz Mühlenhoff
On Thu, Aug 08, 2019 at 11:29:25PM +0200, Salvatore Bonaccorso wrote: > Source: kconfig > Version: 5.54.0-1 > Severity: grave > Tags: patch security upstream > Justification: user security hole > Control: found -1 5.28.0-2 > Control: clone -1 -2 > Control: reassign -2 src:kde4libs 4:4.14.38-3 > Con

Bug#874908: [grantlee] Future Qt4 removal from Buster

2019-07-05 Thread Moritz Mühlenhoff
On Sat, Sep 09, 2017 at 09:05:49PM +0200, Lisandro Damián Nicanor Pérez Meyer wrote: > Source: grantlee > Version: 0.4.0-4 > Severity: wishlist > User: debian-qt-kde@lists.debian.org > Usertags: qt4-removal The changelog mentions that as of 5.0.0 upstream switched to Qt5. Cheers, Moritz

Bug#876905: qtwebkit should not be release with buster

2019-04-02 Thread Moritz Mühlenhoff
On Fri, Mar 22, 2019 at 05:45:56PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > On Thu, 21 Mar 2019 09:33, Thierry fa...@linux.ibm.com < > thie...@linux.ibm.com> wrote: > > > On Tue, 26 Sep 2017 22:15:12 +0300 Adrian Bunk wrote: > > > Source: qtwebkit > > > Version: 2.3.4.dfsg-9.1 >

Re: security update for okular in Stretch

2018-09-23 Thread Moritz Mühlenhoff
On Thu, Sep 20, 2018 at 10:58:23PM +0200, Thorsten Alteholz wrote: > Hi everybody, > > in case you are interested, this is the debdiff to fix CVE-2018-1000801 of > okular in Stretch. Thanks! I've uploaded a fixed package and just released it as DSA 4303. Cheers, Moritz

Re: CVE-2018-10380: kwallet-pam: Access to privileged files

2018-05-09 Thread Moritz Mühlenhoff
On Fri, May 04, 2018 at 09:10:47PM +0200, Maximiliano Curia wrote: > Hello Moritz! > > On 2018-05-03 at 23:18 +0200, Maximiliano Curia wrote: > > Hello Moritz! > > > On 2018-05-03 at 22:56 +0200, Moritz Muehlenhoff wrote: > > > On Thu, May 03, 2018 at 07:29:42PM +0200, Maximiliano Cur

Re: CVE-2018-10380: kwallet-pam: Access to privileged files

2018-05-04 Thread Moritz Mühlenhoff
On Fri, May 04, 2018 at 09:10:47PM +0200, Maximiliano Curia wrote: > Hello Moritz! > > On 2018-05-03 at 23:18 +0200, Maximiliano Curia wrote: > > Hello Moritz! > > > On 2018-05-03 at 22:56 +0200, Moritz Muehlenhoff wrote: > > > On Thu, May 03, 2018 at 07:29:42PM +0200, Maximiliano Cur

Accepted plasma-workspace 4:5.8.6-2.1+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates

2018-02-23 Thread Moritz Mühlenhoff
sddm-theme-debian-breeze Architecture: source amd64 Version: 4:5.8.6-2.1+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian/Kubuntu Qt/KDE Maintainers Changed-By: Moritz Mühlenhoff Description: libkworkspace5-5 - Plasma Workspace for KF5 library libplasma-geolocation

Bug#842498: your mail

2017-03-20 Thread Moritz Mühlenhoff
On Mon, Feb 13, 2017 at 11:06:17PM +0100, Moritz Mühlenhoff wrote: > On Wed, Nov 09, 2016 at 05:38:46PM +0100, Bálint Réczey wrote: > > clone 842498 -1 > > retitle 842498 kde-runtime: Command displayed by kdesu truncated by unicode > > string terminator (CVE-2016-7787) >

Bug#842498: your mail

2017-02-13 Thread Moritz Mühlenhoff
On Wed, Nov 09, 2016 at 05:38:46PM +0100, Bálint Réczey wrote: > clone 842498 -1 > retitle 842498 kde-runtime: Command displayed by kdesu truncated by unicode > string terminator (CVE-2016-7787) > reassign -1 kdesudo 3.4.2.4-2 > thanks Dear KDE maintainers, the bug meta data suggest CVE-2016-7787

Bug#850954: CVE-2016-10040

2017-01-11 Thread Moritz Mühlenhoff
Lisandro Damián Nicanor Pérez Meyer wrote: > > Maybe the next QT upload should simply add a note to the > > changelog that it's unsupported. Do we have any notable > > users of QXmlSimpleReader in stretch? Probably not. > > I'm afraid we do: > >

Bug#815360: Bug#795428: OpenSLP 1.2 should not be part of stretch

2016-05-10 Thread Moritz Mühlenhoff
On Sun, Feb 21, 2016 at 12:20:52AM +, Julien Cristau wrote: > Control: clone -1 -2 -3 -4 -5 -6 -7 -8 > Control: reassign -2 cups 2.1.3-1 > Control: retitle -2 cups: build-depends on libslp-dev > Control: reassign -3 kde-runtime 4:15.08.3-1 > Control: retitle -3 kde-runtime: build-depends on lib

Bug#785855: qtmobility: Please update to GStreamer 1.x

2015-09-16 Thread Moritz Mühlenhoff
On Wed, May 20, 2015 at 01:32:13PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > On Wednesday 20 May 2015 13:11:45 Lisandro Damián Nicanor Pérez Meyer wrote: > [snip] > > I think it's time to remove qtmobility from the archive. > > > > That would break actionaz, marble, monav and tupi thoug

Bug#755359: [kdm] systemd seem to fail to start display-manager.service

2015-04-03 Thread Moritz Mühlenhoff
On Fri, Apr 03, 2015 at 09:05:17AM +0200, John Paul Adrian Glaubitz wrote: > On 04/02/2015 10:15 PM, Moritz Mühlenhoff wrote: > > My patch from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754314 > > retains the kdmrc customisation currently present in the sysvinit script; >

Bug#755359: [kdm] systemd seem to fail to start display-manager.service

2015-04-02 Thread Moritz Mühlenhoff
On Thu, Apr 02, 2015 at 04:20:06PM +0200, John Paul Adrian Glaubitz wrote: > On 04/02/2015 12:57 PM, John Paul Adrian Glaubitz wrote: > > Attaching a debdiff with the proposed changes to the kde-workspace > > source package which will add systemd support to kdm. > > Attaching a cleaned up revision

Bug#779550: qt4-x11: CVE-2015-0295

2015-03-15 Thread Moritz Mühlenhoff
On Mon, Mar 02, 2015 at 03:37:03PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > On Monday 02 March 2015 18:20:22 Moritz Muehlenhoff wrote: > > On Mon, Mar 02, 2015 at 07:32:11PM +0300, Dmitry Shachnev wrote: > > > clone -1 -2 > > > reassign -2 libqt5gui5 5.3.2+dfsg-4 > > > thanks > > > > >

Bug#769632: kde-runtime: CVE-2014-8600: Insufficient Input Validation By IO Slaves and Webkit Part

2014-12-09 Thread Moritz Mühlenhoff
On Sat, Nov 15, 2014 at 08:25:41AM +0100, Salvatore Bonaccorso wrote: > Source: kde-runtime > Version: 4:4.8.4-2 > Severity: normal > Tags: security upstream patch fixed-upstream > > Hi, > > the following vulnerability was published for kde-runtime. > > CVE-2014-8600[0]: > Insufficient Input Val

Bug#766796: konqueror: Konqueror is vulnerable to the Poodle attack

2014-10-26 Thread Moritz Mühlenhoff
severity 766796 important thanks On Sat, Oct 25, 2014 at 11:50:40PM +0200, Patrick Häcker wrote: > Package: konqueror > Version: 4:4.14.1-1 > Severity: grave > Tags: security > Justification: user security hole > > Dear Maintainer, > > according to https://www.poodletest.com/ Konqueror is still

Bug#754314: systemd support for kdm

2014-08-14 Thread Moritz Mühlenhoff
On Tue, Aug 12, 2014 at 10:43:11AM +0200, Michael Biebl wrote: > Hi, > > On Thu, Jul 17, 2014 at 05:17:23PM +0200, Moritz Muehlenhoff wrote: > > On Mon, Jul 14, 2014 at 06:34:40PM +0200, Moritz Mühlenhoff wrote: > > > On Wed, Jul 09, 2014 at 10:16:07PM +0200,

Bug#755814: kde4libs: CVE-2014-5033

2014-08-06 Thread Moritz Mühlenhoff
On Thu, Jul 31, 2014 at 09:07:22PM +0200, Felix Geyer wrote: > Hi Moritz, > > On Wed, 23 Jul 2014 16:05:25 +0200 Moritz Muehlenhoff wrote: > > Package: kde4libs > > Severity: grave > > Tags: security > > Justification: user security hole > > > > Hi, > > please see https://bugzilla.novell.com/sho

Bug#754314: systemd support for kdm

2014-07-14 Thread Moritz Mühlenhoff
On Wed, Jul 09, 2014 at 10:16:07PM +0200, Moritz Muehlenhoff wrote: > Source: kde-workspace > Severity: wishlist > Tags: patch > > activation of the service > - > > After installation of the updated package the service isn't enabled > by default. You'll need to run "system

Re: KDE/jessie feedback

2014-04-14 Thread Moritz Mühlenhoff
On Sat, Apr 05, 2014 at 05:29:30PM +0200, Sune Vuorela wrote: > Phonon-vlc upstream is much more active that the phonon-gstreamer from my > impression, and phonon upstream does recommend phonon-vlc to be the default. > But fedora ships phonon-gstreamer as the default. JFTR, I'm fine with keeping

Re: KDE/jessie feedback

2014-04-09 Thread Moritz Mühlenhoff
On Sat, Apr 05, 2014 at 05:29:30PM +0200, Sune Vuorela wrote: > Hi Moritz > > Thank you for your mail. I'll go thru your three topics. > > > - With the default desktop there're notifications on new updates, but the > > standard tool (I'm not sure which it is precisely) only offers a > > notificat

Bug#725887: Dropping NAS support

2013-12-03 Thread Moritz Mühlenhoff
On Sat, Oct 19, 2013 at 04:01:45PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > On Saturday 19 October 2013 13:48:08 Moritz Mühlenhoff wrote: > [snip] > > > Hi Moritz! > > > > > > The popcon is indeed low. But I also noted that libaudio2 it's a v

Re: Bug#725887: Dropping NAS support

2013-10-19 Thread Moritz Mühlenhoff
On Thu, Oct 10, 2013 at 11:50:28AM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > tag 725887 moreinfo > thanks > > On Wednesday 09 October 2013 18:54:24 Moritz Muehlenhoff wrote: > > Package: qt4-x11 > > Severity: normal > > > > I suggest to remove NAS support from libqtgui4 or move it to a

Bug#590147: Upgrade

2012-05-27 Thread Moritz Mühlenhoff
On Mon, Nov 29, 2010 at 11:28:31AM +0200, Modestas Vainius wrote: > > The two are from my point of view RC > > No, the first part is not RC because: > > 1) it is rare enough > 2) there is no data loss involved > > There is no info about the 2nd part and according to upstream, the bug has > been

Bug#638241: Needs to be adapted to libav/0.7.1

2011-08-31 Thread Moritz Mühlenhoff
tags 638241 patch thanks On Wed, Aug 17, 2011 at 10:36:18PM +0200, Moritz Muehlenhoff wrote: > Package: ffmpegthumbs > Severity: important > > Hi, > the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish. > (libav is a ffmpeg fork, to which Debian will switch, see > http://en.wikipedia.

Re: Release notes entry for web browser security support

2011-02-02 Thread Moritz Mühlenhoff
On Wed, Feb 02, 2011 at 07:33:27PM +0100, Julien Cristau wrote: > On Mon, Jan 10, 2011 at 20:56:01 +0100, Moritz Muehlenhoff wrote: > > > State of browser support > > > > Debian Squeeze includes several browser engines which are affected by a > > frequent > > stream of security vulnerabilities.