-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 07 Apr 2024 12:45:51 +0300 Source: qtbase-opensource-src Architecture: source Version: 5.15.8+dfsg-11+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Changed-By: Dmitry Shachnev <mitya57@debian.org> Closes: 1037210 1041105 1055280 Changes: qtbase-opensource-src (5.15.8+dfsg-11+deb12u1) bookworm; urgency=medium . [ Alexander Volkov ] * Backport upstream patches to fix regression caused by CVE-2023-24607.diff (closes: #1055280). . [ Dmitry Shachnev ] * Backport fixes for three CVEs from Debian unstable: - CVE-2023-34410: use of system CA certificates when not wanted (closes: #1037210). - CVE-2023-37369: potential buffer overflow in QXmlStreamReader. - CVE-2023-38197: infinite loop in XML recursive entity expansion (closes: #1041105). Checksums-Sha1: f5911485458c4d45980843d4fe17f876a82e63fa 5466 qtbase-opensource-src_5.15.8+dfsg-11+deb12u1.dsc 62276547b690ecb1221bce4c524cb757127c70f9 239660 qtbase-opensource-src_5.15.8+dfsg-11+deb12u1.debian.tar.xz d6f4e3b40820a8f2f65a86dcbe5c1b4619a16cbe 17085 qtbase-opensource-src_5.15.8+dfsg-11+deb12u1_source.buildinfo Checksums-Sha256: 565b67bb51232ebdc5ca4b33f94954e3b9f2725dbe3f80fa0c06376ac27dea72 5466 qtbase-opensource-src_5.15.8+dfsg-11+deb12u1.dsc afd5ae59d2155d6c8629b5ecbf39462040606238cdd8dc9229b208c469fbc146 239660 qtbase-opensource-src_5.15.8+dfsg-11+deb12u1.debian.tar.xz ceb2b31c46ed4bd256912db58d3cfc42fc63bbcd3cd249c813b7124491994a92 17085 qtbase-opensource-src_5.15.8+dfsg-11+deb12u1_source.buildinfo Files: 0b6ccd2fab5dcb59e3a2fe19fbcfaaea 5466 libs optional qtbase-opensource-src_5.15.8+dfsg-11+deb12u1.dsc 79756a4abc5cfc5f0c598637926c38b3 239660 libs optional qtbase-opensource-src_5.15.8+dfsg-11+deb12u1.debian.tar.xz 3794909ffa63dcccd90015a0437c64e1 17085 libs optional qtbase-opensource-src_5.15.8+dfsg-11+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEEq2sdvrA0LydXHe1qsmYUtFL0RrYFAmYSbFgTHG1pdHlhNTdA ZGViaWFuLm9yZwAKCRCyZhS0UvRGtizqEACwWZZ6JwzoT8MVWDHcj2i7aFFSq+mI fwpYk4SzEaZbay5Tbu/RYlV3obiUkROKb5HJx9gn1mw7X9TnxV1yKBdbapZxk3Hz ED9vz5DtSpb7rqmS34NpGnHLz2a3TeAQk5cTECYBlLTmySzt/WvhF88ndRr9XljI p0ccmgCZ60ZGACVX1PR6SCed5bSX2+M4zM8zoUmwcwPuNX0I26cSsrE0h9jq0itv kyWWvRmTxK5Rx3iU8V8tSfMLddmVAgyVPJnsBNa+9MR2kpwHAqTtEs1OfgMmBOdo OvzpbZ3Nm6/tVANqtjp1gQXc5DRyl5vJGzkDnRsR9xOk2cHKG6YCSQfX7/AvdNss ygTfWwKMJD0e2m7HUP2jOiTqQS7RukL6sWNxMvXBm3uNnbFVPdNrEfmBXNSaysOH Jc52ks6TsXv5DPmmRNbO5LYQAvxrCyzvU83IWaT0BKTp5+btqlX22AT7KMx2M/u2 Ap2AVD1rvT0VaOl9Wi1Hy1ElZ6e8bh7Fzg7JfX9fCd7nfN9eRFRkG7vm9x8UaPoU c55mftdaiNUWdgWXJT42dLJOyJxosZKU8KD2abLyoBjSpf1ssqT8oy6f4K9cAnf0 cGnBR0MGKkOjuydNgssaepEDecKjt/ahFNFvHzeivbrxv4ZxYpFpCx00gGUMvxK4 5fV5Y8zwzvlslg== =X/Fj -----END PGP SIGNATURE-----