qtbase-opensource-src - Debian Package Tracker

general

source: qtbase-opensource-src (main)
version: 5.15.10+dfsg-3
maintainer: Debian Qt/KDE Maintainers (archive) (DMD)
uploaders: Sune Vuorela [DMD] – Timo Jyrinki [DMD] – Pino Toscano [DMD] – Lisandro Damián Nicanor Pérez Meyer [DMD] – Dmitry Shachnev [DMD] – Simon Quigley [DMD]
arch: all any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.11.3+dfsg1-1+deb10u5
o-o-sec: 5.11.3+dfsg1-1+deb10u3
oldstable: 5.15.2+dfsg-9
stable: 5.15.8+dfsg-11
testing: 5.15.10+dfsg-3
unstable: 5.15.10+dfsg-3

versioned links

5.11.3+dfsg1-1+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.11.3+dfsg1-1+deb10u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.15.2+dfsg-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.15.8+dfsg-11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.15.10+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libqt5concurrent5
libqt5core5a (4 bugs: 0, 3, 1, 0)
libqt5dbus5
libqt5gui5 (11 bugs: 0, 10, 1, 0)
libqt5network5
libqt5opengl5 (2 bugs: 0, 2, 0, 0)
libqt5opengl5-dev
libqt5printsupport5
libqt5sql5
libqt5sql5-ibase
libqt5sql5-mysql
libqt5sql5-odbc
libqt5sql5-psql
libqt5sql5-sqlite
libqt5sql5-tds
libqt5test5
libqt5widgets5 (4 bugs: 0, 4, 0, 0)
libqt5xml5
qt5-gtk-platformtheme (2 bugs: 0, 1, 1, 0)
qt5-qmake
qt5-qmake-bin
qt5-xdgdesktopportal-platformtheme
qtbase5-dev (4 bugs: 0, 1, 3, 0)
qtbase5-dev-tools
qtbase5-doc
qtbase5-doc-dev
qtbase5-doc-html
qtbase5-examples (2 bugs: 0, 2, 0, 0)
qtbase5-private-dev

action needed

lintian reports 11 errors and 19 warnings high

Lintian reports 11 errors and 19 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-07-09 Last update: 2023-09-03 06:05

debian/patches: 1 patch with invalid metadata, 27 patches to forward upstream high

Among the 33 debian patches available in version 5.15.10+dfsg-3 of the package, we noticed the following issues:

1 patch with invalid metadata that ought to be fixed.
27 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-07-28 08:39

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2023-09-13 Last update: 2023-09-29 14:36

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 5.15.10+dfsg-4, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 830c9dcdde8b1ed0463bd4368a2ac60610fc34ae
Author: Dmitry Shachnev <mitya57@debian.org>
Date:   Sat Sep 16 16:46:54 2023 +0300

    Add a patch from OpenMandriva to work around broken pyside2 build.
    
    Closes: #1051886.

commit 2b76d7460e72fcd21d8edc71d9ee573769cfa5e1
Author: Dmitry Shachnev <mitya57@debian.org>
Date:   Sat Sep 16 16:39:57 2023 +0300

    Start a new changelog entry.

Created: 2023-09-16 Last update: 2023-09-29 11:45

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-03-26 Last update: 2023-09-29 11:44

8 low-priority security issues in bullseye low

There are 8 open security issues in bullseye.

8 issues left for the package maintainer to handle:

CVE-2022-25255: (needs triaging) In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
CVE-2023-24607: (needs triaging) Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
CVE-2023-32762: (needs triaging) An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
CVE-2023-32763: (needs triaging) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CVE-2023-33285: (needs triaging) An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
CVE-2023-34410: (needs triaging) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CVE-2023-37369: (needs triaging) In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
CVE-2023-38197: (needs triaging) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-09-20 03:30

3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

3 issues left for the package maintainer to handle:

CVE-2023-34410: (needs triaging) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CVE-2023-37369: (needs triaging) In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
CVE-2023-38197: (needs triaging) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-05 Last update: 2023-09-20 03:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2021-09-23 Last update: 2023-06-08 18:31

testing migrations

This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2023-08-02] qtbase-opensource-src 5.15.10+dfsg-3 MIGRATED to testing (Debian testing watch)
[2023-07-27] Accepted qtbase-opensource-src 5.15.10+dfsg-3 (source) into unstable (Dmitry Shachnev)
[2023-07-27] qtbase-opensource-src 5.15.10+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-07-08] Accepted qtbase-opensource-src 5.15.10+dfsg-2 (source) into unstable (Dmitry Shachnev)
[2023-07-05] Accepted qtbase-opensource-src 5.15.8+dfsg-13 (source) into unstable (Dmitry Shachnev)
[2023-06-13] qtbase-opensource-src 5.15.8+dfsg-12 MIGRATED to testing (Debian testing watch)
[2023-06-09] Accepted qtbase-opensource-src 5.15.10+dfsg-1 (source) into experimental (Dmitry Shachnev)
[2023-06-08] Accepted qtbase-opensource-src 5.15.9+dfsg-3 (source) into experimental (Dmitry Shachnev)
[2023-06-08] Accepted qtbase-opensource-src 5.15.8+dfsg-12 (source) into unstable (Dmitry Shachnev)
[2023-05-30] qtbase-opensource-src 5.15.8+dfsg-11 MIGRATED to testing (Debian testing watch)
[2023-05-25] Accepted qtbase-opensource-src 5.15.8+dfsg-11 (source) into unstable (Dmitry Shachnev)
[2023-05-25] qtbase-opensource-src 5.15.8+dfsg-10 MIGRATED to testing (Debian testing watch)
[2023-05-22] Accepted qtbase-opensource-src 5.15.8+dfsg-10 (source) into unstable (Lisandro Damián Nicanor Pérez Meyer)
[2023-05-21] Accepted qtbase-opensource-src 5.15.8+dfsg-9 (source) into unstable (Dmitry Shachnev)
[2023-05-21] qtbase-opensource-src 5.15.8+dfsg-8 MIGRATED to testing (Debian testing watch)
[2023-05-13] Accepted qtbase-opensource-src 5.15.9+dfsg-2 (source) into experimental (Dmitry Shachnev)
[2023-05-13] Accepted qtbase-opensource-src 5.15.8+dfsg-8 (source) into unstable (Dmitry Shachnev)
[2023-05-03] qtbase-opensource-src 5.15.8+dfsg-7 MIGRATED to testing (Debian testing watch)
[2023-04-15] Accepted qtbase-opensource-src 5.15.9+dfsg-1 (source) into experimental (Dmitry Shachnev)
[2023-04-13] Accepted qtbase-opensource-src 5.15.8+dfsg-7 (source) into unstable (Lisandro Damián Nicanor Pérez Meyer)
[2023-04-11] Accepted qtbase-opensource-src 5.15.8+dfsg-6 (source) into unstable (Dmitry Shachnev)
[2023-04-10] Accepted qtbase-opensource-src 5.15.8+dfsg-5 (source) into unstable (Dmitry Shachnev)
[2023-04-09] Accepted qtbase-opensource-src 5.15.8+dfsg-4 (source) into unstable (Dmitry Shachnev)
[2023-03-09] qtbase-opensource-src 5.15.8+dfsg-3 MIGRATED to testing (Debian testing watch)
[2023-02-27] Accepted qtbase-opensource-src 5.15.8+dfsg-3 (source) into unstable (Dmitry Shachnev)
[2023-01-22] qtbase-opensource-src 5.15.8+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-01-13] Accepted qtbase-opensource-src 5.15.8+dfsg-2 (source) into unstable (Dmitry Shachnev)
[2023-01-12] Accepted qtbase-opensource-src 5.15.7+dfsg-3 (source) into unstable (Dmitry Shachnev)
[2023-01-04] Accepted qtbase-opensource-src 5.15.8+dfsg-1 (source) into experimental (Dmitry Shachnev)
[2022-12-30] qtbase-opensource-src 5.15.7+dfsg-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 45 52
RC: 0
I&N: 34 36
M&W: 9 11
F&P: 2 5
patch: 2

links

homepage
lintian (11, 19)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.15.10+dfsg-3
98 bugs (4 patches)