Bug#779580: marked as done (qtbase-opensource-src: CVE-2015-0295)

To: Dmitry Shachnev <mitya57@debian.org>
Subject: Bug#779580: marked as done (qtbase-opensource-src: CVE-2015-0295)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Mon, 27 Apr 2015 11:27:13 +0000
Message-id: <[🔎] handler.779580.D779580.143013373317806.ackdone@bugs.debian.org>
References: <E1Ymh75-0007cV-GZ@franck.debian.org> <20150302065809.1630.65379.reportbug@m25s06.vlinux.de>

Your message dated Mon, 27 Apr 2015 11:22:11 +0000
with message-id <E1Ymh75-0007cV-GZ@franck.debian.org>
and subject line Bug#779580: fixed in qtbase-opensource-src 5.3.2+dfsg-5
has caused the Debian Bug report #779580,
regarding qtbase-opensource-src: CVE-2015-0295
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779580: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779580
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: qt4-x11: CVE-2015-0295

From: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 02 Mar 2015 07:58:09 +0100

Message-id: <20150302065809.1630.65379.reportbug@m25s06.vlinux.de>
Package: qt4-x11
Severity: important
Tags: security
Justification: user security hole

Hi,
please see http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
for details and a patch.

Cheers,
        Moritz
--- End Message ---

--- Begin Message ---

To: 779580-close@bugs.debian.org
Subject: Bug#779580: fixed in qtbase-opensource-src 5.3.2+dfsg-5
From: Dmitry Shachnev <mitya57@debian.org>
Date: Mon, 27 Apr 2015 11:22:11 +0000
Message-id: <E1Ymh75-0007cV-GZ@franck.debian.org>

Source: qtbase-opensource-src
Source-Version: 5.3.2+dfsg-5

We believe that the bug you reported is fixed in the latest version of
qtbase-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 779580@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtbase-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 27 Apr 2015 11:54:20 +0300
Source: qtbase-opensource-src
Binary: libqt5core5a libqt5gui5 libqt5network5 libqt5opengl5 libqt5sql5 libqt5sql5-mysql libqt5sql5-odbc libqt5sql5-psql libqt5sql5-sqlite libqt5sql5-tds libqt5xml5 libqt5dbus5 libqt5test5 libqt5concurrent5 libqt5widgets5 libqt5printsupport5 qtbase5-dev qtbase5-private-dev libqt5opengl5-dev qtbase5-dev-tools qt5-qmake qtbase5-examples qtbase5-dbg qtbase5-dev-tools-dbg qtbase5-examples-dbg qt5-default qtbase5-doc-html
Architecture: source all
Version: 5.3.2+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Description:
 libqt5concurrent5 - Qt 5 concurrent module
 libqt5core5a - Qt 5 core module
 libqt5dbus5 - Qt 5 D-Bus module
 libqt5gui5 - Qt 5 GUI module
 libqt5network5 - Qt 5 network module
 libqt5opengl5 - Qt 5 OpenGL module
 libqt5opengl5-dev - Qt 5 OpenGL library development files
 libqt5printsupport5 - Qt 5 print support module
 libqt5sql5 - Qt 5 SQL module
 libqt5sql5-mysql - Qt 5 MySQL database driver
 libqt5sql5-odbc - Qt 5 ODBC database driver
 libqt5sql5-psql - Qt 5 PostgreSQL database driver
 libqt5sql5-sqlite - Qt 5 SQLite 3 database driver
 libqt5sql5-tds - Qt 5 FreeTDS database driver
 libqt5test5 - Qt 5 test module
 libqt5widgets5 - Qt 5 widgets module
 libqt5xml5 - Qt 5 XML module
 qt5-default - Qt 5 development defaults package
 qt5-qmake  - Qt 5 qmake Makefile generator tool
 qtbase5-dbg - Qt 5 base library debugging symbols
 qtbase5-dev - Qt 5 base development files
 qtbase5-dev-tools - Qt 5 base development programs
 qtbase5-dev-tools-dbg - Qt 5 base binaries debugging symbols
 qtbase5-doc-html - Qt 5 base HTML documentation
 qtbase5-examples - Qt 5 base examples
 qtbase5-examples-dbg - Qt 5 base examples debugging symbols
 qtbase5-private-dev - Qt 5 base private development files
Closes: 777341 779580
Changes:
 qtbase-opensource-src (5.3.2+dfsg-5) unstable; urgency=medium
 .
   [ Lisandro Damián Nicanor Pérez Meyer ]
   * Remove libopenvg1-mesa-dev as a build dependency because mesa does not
     build it anymore (Closes: #777341).
     Thanks Andreas Beckmann for the report.
 .
   [ Dmitry Shachnev ]
   * Fix several DoS vulnerabilities in the image handlers.
     - CVE-2015-0295, CVE-2015-1858, CVE-2015-1859, CVE-2015-1860.
     - Closes: #779580.
   * Fix HTTP upload corruptions when server closes connection.
   * Use the latest version of debian/mark_private_symbols.sh:
     - Strip trailing colon from symbols names.
     - Unmark private symbols before processing them.
   * Symbols files:
     - Remove references to ia64 and s390 from the symbols files.
       Build logs for these architectures are no longer available.
     - Update for the mark_private_symbols.sh change.
Checksums-Sha1:
 5d8af43a2b8172d1385443b705a72d4173f3de6d 4840 qtbase-opensource-src_5.3.2+dfsg-5.dsc
 190ba74a7979b78a395d1055a051ca39737e2d8a 197020 qtbase-opensource-src_5.3.2+dfsg-5.debian.tar.xz
 58cf8d878029e287d60cdd70a0ffb622dcce9515 22385344 qtbase5-doc-html_5.3.2+dfsg-5_all.deb
Checksums-Sha256:
 029b5bc4044d77e031eadcbf5dbfd64eb52a01718acc0b23cf4ef7ec5f0e38fb 4840 qtbase-opensource-src_5.3.2+dfsg-5.dsc
 f69609e6216768182f8470c0d12de86ac2c1464e02ad21f2f21ffc1700bbb792 197020 qtbase-opensource-src_5.3.2+dfsg-5.debian.tar.xz
 0e7d728ec3cddf101ef76f591377493d5ccac89ce017d1c0ce291725ed57c78a 22385344 qtbase5-doc-html_5.3.2+dfsg-5_all.deb
Files:
 419c9beb2375076e93f3114532f9e30c 4840 libs optional qtbase-opensource-src_5.3.2+dfsg-5.dsc
 ec51b40c0c5a78ed2c859c4a650a9ba0 197020 libs optional qtbase-opensource-src_5.3.2+dfsg-5.debian.tar.xz
 fa363b0fe0547cced56b51964dcfe82f 22385344 doc extra qtbase5-doc-html_5.3.2+dfsg-5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVPhpiAAoJENb+cQNj+F3T9UsP/je2KuFFHzLp+R+LTejKBJee
Kqu653oINZOvnRXQkfvMulivlfkEl2jpZjPeXcIFMAujgpfiPds91IYbIMEH3/Ry
VpjSMzs6+vnpSrJ3xRdUsp6kNI5ErnwisCl9L1C8W/Y0xz59Qqmht3qGFAYC05rM
t09gQrTkzfWO4smOWSvbZnG+sthplJzGDrQDc8Mu+aYhgO5S7+6rp5d2Vawbjvyu
lAlNbbh4sqzQRnm4GdYzHFZmt/rUgb4zKzlg3Xy552/DVLjNjoX7XAbAbFMAonNK
iQD0Vn/zwSZ8Hq1xhcacmnycgCZCNDvVWP7ZmU5LlPsxC/w7RD4utUP7734QLZfi
oubAnIECg1AquWXBc30zwICizjnMAnihsojF+Pl9byfMHZBam4bjspD85xq2F2qH
4Zl1/GDAMZsfhfBgIXbnjLzz06Z8X/7fQsyxiQOATcriED17gG6hRLRh5CWUVb1i
DJr79DwKkREEl2M4gFSvm5SV+y+7BbOK1vZe1Y6o98FUwl8fUiYa8bBKSFJmZKsj
hFTruSdJxrz1BH9ytW8OE210vjoxTMgI2uZ+aS/zD9/xVvV8xrekZF1gTzRwIzSA
lBmC+BHKCCqg2v3a+NvDElpFZKblhYinvnMieV5YNc6Qy3TI/8d/PT1rgaisFrCp
n1YZPwD3GnqegWkwdna0
=w9GM
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#777341: marked as done (qtbase-opensource-src: libopenvg1-mesa-dev is no longer built by mesa)
Next by Date: Processing of qtbase-opensource-src_5.3.2+dfsg-5_amd64.changes
Previous by thread: Bug#777341: marked as done (qtbase-opensource-src: libopenvg1-mesa-dev is no longer built by mesa)
Next by thread: Processing of qtbase-opensource-src_5.3.2+dfsg-5_amd64.changes
Index(es):
- Date
- Thread