Bug#1060694: marked as done (qtbase-opensource-src: CVE-2023-51714)



Your message dated Sat, 13 Jan 2024 17:21:41 +0000
with message-id <E1rOhhV-00DgLc-Ma@fasolo.debian.org>
and subject line Bug#1060694: fixed in qtbase-opensource-src 5.15.10+dfsg-6
has caused the Debian Bug report #1060694,
regarding qtbase-opensource-src: CVE-2023-51714
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1060694: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060694
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: qtbase-opensource-src
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qtbase-opensource-src.

CVE-2023-51714[0]:
| An issue was discovered in the HTTP2 implementation in Qt before
| 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and
| 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an
| incorrect HPack integer overflow check.

https://codereview.qt-project.org/c/qt/qtbase/+/524864
https://codereview.qt-project.org/c/qt/qtbase/+/524865/3

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-51714
    https://www.cve.org/CVERecord?id=CVE-2023-51714

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: qtbase-opensource-src
Source-Version: 5.15.10+dfsg-6
Done: Dmitry Shachnev <mitya57@debian.org>

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1060694@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 13 Jan 2024 19:53:52 +0300
Source: qtbase-opensource-src
Architecture: source
Version: 5.15.10+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 1060694
Changes:
 qtbase-opensource-src (5.15.10+dfsg-6) unstable; urgency=medium
 .
   * Backport upstream patches to fix incorrect integer overflow check in
     HPack (CVE-2023-51714, closes: #1060694).

--- End Message ---