qt6-base - Debian Package Tracker

general

source: qt6-base (main)
version: 6.8.2+dfsg-6
maintainer: Debian Qt/KDE Maintainers (archive) (DMD)
uploaders: Patrick Franz [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 6.4.2+dfsg-11~bpo11+1
stable: 6.4.2+dfsg-10
testing: 6.8.2+dfsg-5
unstable: 6.8.2+dfsg-6

versioned links

6.4.2+dfsg-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.4.2+dfsg-11~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.8.2+dfsg-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.8.2+dfsg-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libqt6concurrent6
libqt6core6t64 (1 bugs: 0, 1, 0, 0)
libqt6dbus6
libqt6gui6 (4 bugs: 0, 3, 1, 0)
libqt6network6
libqt6opengl6 (1 bugs: 0, 1, 0, 0)
libqt6openglwidgets6
libqt6printsupport6
libqt6sql6
libqt6sql6-ibase
libqt6sql6-mysql
libqt6sql6-odbc
libqt6sql6-psql
libqt6sql6-sqlite
libqt6test6
libqt6widgets6 (1 bugs: 0, 1, 0, 0)
libqt6xml6
qmake6
qmake6-bin
qt6-base-dev (3 bugs: 0, 3, 0, 0)
qt6-base-dev-tools (1 bugs: 0, 1, 0, 0)
qt6-base-doc
qt6-base-doc-dev
qt6-base-doc-html
qt6-base-examples
qt6-base-private-dev
qt6-gtk-platformtheme (1 bugs: 0, 1, 0, 0)
qt6-qpa-plugins
qt6-xdgdesktopportal-platformtheme

action needed

A new upstream version is available: 6.9.0 high

A new upstream version 6.9.0 is available, you should consider packaging it.

Created: 2025-03-29 Last update: 2025-04-17 18:01

lintian reports 12 errors and 99 warnings high

Lintian reports 12 errors and 99 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-10-24 Last update: 2025-04-17 16:31

3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:

CVE-2025-3512: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
CVE-2024-25580: An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
CVE-2024-39936: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Created: 2023-07-14 Last update: 2025-04-17 00:00

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-25580: An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
CVE-2024-39936: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Created: 2023-07-14 Last update: 2025-04-17 00:00

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-02-12 Last update: 2025-04-17 17:31

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-02-10 Last update: 2025-04-17 13:03

debian/patches: 13 patches to forward upstream low

Among the 16 debian patches available in version 6.8.2+dfsg-6 of the package, we noticed the following issues:

13 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-04-17 09:00

6 low-priority security issues in bookworm low

There are 6 open security issues in bookworm.

5 issues left for the package maintainer to handle:

CVE-2023-34410: (needs triaging) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CVE-2023-37369: (needs triaging) In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
CVE-2023-51714: (needs triaging) An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
CVE-2024-25580: (needs triaging) An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
CVE-2025-30348: (needs triaging) encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

You can find information about how to handle these issues in the security team's documentation.

1 ignored issue:

CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

1 issue that should be fixed with the next stable update:

CVE-2024-39936: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Created: 2024-06-29 Last update: 2025-04-17 00:00

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2024-03-11 Last update: 2024-06-06 21:42

testing migrations

excuses:
- Migration status for qt6-base (6.8.2+dfsg-5 to 6.8.2+dfsg-6): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ autopkgtest for clazy/1.13-1: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, riscv64: Test in progress, s390x: Pass
- ∙ ∙ autopkgtest for cppcheck/2.17.1-1: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Failed (not a regression), riscv64: Test in progress, s390x: Pass
- ∙ ∙ autopkgtest for kf6-ktexteditor/6.11.0-1: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, riscv64: Test in progress, s390x: Pass
- ∙ ∙ autopkgtest for libreoffice/4:25.2.2-1: amd64: Pass, arm64: Pass, armel: Test in progress (will not be considered a regression), armhf: Test in progress (will not be considered a regression), i386: Test in progress (will not be considered a regression), ppc64el: Test in progress (will not be considered a regression), riscv64: Test in progress, s390x: Pass
- ∙ ∙ autopkgtest for pyside6/6.8.2.1-3: amd64: No tests, superficial or marked flaky ♻ (reference ♻), arm64: No tests, superficial or marked flaky ♻ (reference ♻), armel: No tests, superficial or marked flaky ♻ (reference ♻), armhf: No tests, superficial or marked flaky ♻ (reference ♻), i386: No tests, superficial or marked flaky ♻ (reference ♻), ppc64el: No tests, superficial or marked flaky ♻ (reference ♻), riscv64: Test in progress, s390x: No tests, superficial or marked flaky ♻ (reference ♻)
- ∙ ∙ Too young, only 0 of 10 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/q/qt6-base.html
- ∙ ∙ Ignoring non-reproducibility on amd64 (not a regression) - info ♻
- ∙ ∙ No reference result, but not reproducibility on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Ignoring non-reproducibility on i386 (not a regression) - info ♻
- Not considered

news

[rss feed]

[2025-04-16] Accepted qt6-base 6.8.2+dfsg-6 (source) into unstable (Patrick Franz)
[2025-03-14] qt6-base 6.8.2+dfsg-5 MIGRATED to testing (Debian testing watch)
[2025-03-01] Accepted qt6-base 6.8.2+dfsg-5 (source) into unstable (Patrick Franz)
[2025-02-15] Accepted qt6-base 6.8.2+dfsg-4 (source) into experimental (Patrick Franz)
[2025-02-07] qt6-base 6.7.2+dfsg-6 MIGRATED to testing (Debian testing watch)
[2025-02-04] Accepted qt6-base 6.8.2+dfsg-3 (source) into experimental (Pino Toscano)
[2025-02-03] Accepted qt6-base 6.8.2+dfsg-2 (source) into experimental (Pino Toscano)
[2025-02-02] Accepted qt6-base 6.8.2+dfsg-1 (source) into experimental (Patrick Franz)
[2025-02-02] Accepted qt6-base 6.7.2+dfsg-6 (source) into unstable (Sandro Knauß)
[2024-12-14] qt6-base 6.7.2+dfsg-5 MIGRATED to testing (Debian testing watch)
[2024-12-08] Accepted qt6-base 6.7.2+dfsg-5 (source) into unstable (Patrick Franz)
[2024-10-30] qt6-base 6.7.2+dfsg-4 MIGRATED to testing (Debian testing watch)
[2024-10-24] qt6-base 6.7.2+dfsg-3 MIGRATED to testing (Debian testing watch)
[2024-10-23] Accepted qt6-base 6.7.2+dfsg-4 (source) into unstable (Pino Toscano)
[2024-10-05] Accepted qt6-base 6.7.2+dfsg-3 (source) into unstable (Patrick Franz)
[2024-09-29] qt6-base 6.6.2+dfsg-12 MIGRATED to testing (Debian testing watch)
[2024-09-22] Accepted qt6-base 6.6.2+dfsg-12 (source) into unstable (Dmitry Shachnev)
[2024-08-30] Accepted qt6-base 6.7.2+dfsg-2 (source) into experimental (Patrick Franz)
[2024-08-28] Accepted qt6-base 6.7.2+dfsg-1 (source) into experimental (Patrick Franz)
[2024-08-08] qt6-base 6.6.2+dfsg-11 MIGRATED to testing (Debian testing watch)
[2024-08-02] Accepted qt6-base 6.6.2+dfsg-11 (source) into unstable (Dmitry Shachnev)
[2024-07-22] qt6-base 6.6.2+dfsg-10 MIGRATED to testing (Debian testing watch)
[2024-07-16] Accepted qt6-base 6.6.2+dfsg-10 (source) into unstable (Pino Toscano)
[2024-07-10] qt6-base 6.6.2+dfsg-9 MIGRATED to testing (Debian testing watch)
[2024-07-05] Accepted qt6-base 6.6.2+dfsg-9 (source) into unstable (Pino Toscano)
[2024-06-20] qt6-base 6.6.2+dfsg-8 MIGRATED to testing (Debian testing watch)
[2024-06-06] Accepted qt6-base 6.6.2+dfsg-8 (source) into unstable (Patrick Franz)
[2024-05-03] Accepted qt6-base 6.6.2+dfsg-7 (source) into experimental (Patrick Franz)
[2024-05-01] Accepted qt6-base 6.6.2+dfsg-6 (source) into experimental (Patrick Franz)
[2024-05-01] qt6-base 6.4.2+dfsg-21.1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 17 18
RC: 0
I&N: 16 17
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (12, 99)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.8.3+dfsg-0ubuntu2
6 bugs
patches for 6.8.3+dfsg-0ubuntu2