qt6-declarative - Debian Package Tracker

general

source: qt6-declarative (main)
version: 6.10.2+dfsg-4
maintainer: Debian Qt/KDE Maintainers (archive) (DMD)
uploaders: Patrick Franz [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 6.4.2+dfsg-1
stable: 6.8.2+dfsg-7
testing: 6.10.2+dfsg-4
unstable: 6.10.2+dfsg-4

versioned links

6.4.2+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.8.2+dfsg-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.10.2+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libqt6labsplatform6
libqt6labssynchronizer6
libqt6qml6
libqt6qmlcompiler6
libqt6qmlmeta6
libqt6qmlmodels6
libqt6qmlnetwork6
libqt6qmlworkerscript6
libqt6quick6
libqt6quickcontrols2-6
libqt6quickshapes6
libqt6quickshapesdesignhelpers6
libqt6quicktemplates2-6
libqt6quicktest6
libqt6quickvectorimage6
libqt6quickvectorimagegenerator6
libqt6quickvectorimagehelpers6
libqt6quickwidgets6
qml-qt6
qml6-module-qml
qml6-module-qmltime
qml6-module-qt-labs-animation
qml6-module-qt-labs-assetdownloader
qml6-module-qt-labs-folderlistmodel
qml6-module-qt-labs-platform
qml6-module-qt-labs-qmlmodels
qml6-module-qt-labs-settings
qml6-module-qt-labs-sharedimage
qml6-module-qt-labs-synchronizer
qml6-module-qt-labs-wavefrontmesh
qml6-module-qtcore
qml6-module-qtnetwork
qml6-module-qtqml
qml6-module-qtqml-models
qml6-module-qtqml-workerscript
qml6-module-qtqml-xmllistmodel
qml6-module-qtquick (1 bugs: 0, 1, 0, 0)
qml6-module-qtquick-controls
qml6-module-qtquick-dialogs
qml6-module-qtquick-effects
qml6-module-qtquick-layouts
qml6-module-qtquick-localstorage
qml6-module-qtquick-particles
qml6-module-qtquick-shapes
qml6-module-qtquick-shapes-designhelpers
qml6-module-qtquick-templates
qml6-module-qtquick-tooling
qml6-module-qtquick-vectorimage
qml6-module-qtquick-vectorimage-helpers
qml6-module-qtquick-window
qml6-module-qttest
qmlscene-qt6
qt6-declarative-dev (2 bugs: 0, 1, 1, 0)
qt6-declarative-dev-tools
qt6-declarative-doc
qt6-declarative-doc-dev
qt6-declarative-doc-html
qt6-declarative-examples
qt6-declarative-private-dev
qt6-qmllint-plugins
qt6-qmlls-plugins
qt6-qmltooling-plugins

action needed

A new upstream version is available: 6.11.0 high

A new upstream version 6.11.0 is available, you should consider packaging it.

Created: 2026-03-24 Last update: 2026-05-12 08:30

2 security issues in trixie high

There are 2 open security issues in trixie.

1 important issue:

CVE-2025-14576: Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.

1 issue left for the package maintainer to handle:

CVE-2025-12385: (needs triaging) Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-05 Last update: 2026-05-08 14:03

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-12385: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Created: 2025-12-05 Last update: 2026-05-08 14:03

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-12385: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Created: 2025-12-05 Last update: 2026-05-08 14:03

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2025-14576: Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.

1 issue left for the package maintainer to handle:

CVE-2025-12385: (needs triaging) Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-05 Last update: 2026-05-08 14:03

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2024-11-11 Last update: 2026-05-12 11:17

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-03-06 Last update: 2026-03-06 10:30

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2025-10-16 04:33

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 6.10.2+dfsg-4 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2026-03-20 Last update: 2026-03-20 09:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2026-03-31 Last update: 2026-03-31 15:01

news

[rss feed]

[2026-04-03] qt6-declarative 6.10.2+dfsg-4 MIGRATED to testing (Debian testing watch)
[2026-03-19] Accepted qt6-declarative 6.10.2+dfsg-4 (source) into unstable (Patrick Franz)
[2026-03-12] qt6-declarative 6.9.2+dfsg-6 MIGRATED to testing (Debian testing watch)
[2026-03-05] Accepted qt6-declarative 6.9.2+dfsg-6 (source) into unstable (Patrick Franz)
[2026-02-20] Accepted qt6-declarative 6.10.2+dfsg-3 (source) into experimental (Patrick Franz)
[2026-02-08] Accepted qt6-declarative 6.10.2+dfsg-2 (source) into experimental (Patrick Franz)
[2026-02-07] Accepted qt6-declarative 6.10.2+dfsg-1 (source amd64) into experimental (Debian FTP Masters) (signed by: Patrick Franz)
[2025-11-02] qt6-declarative 6.9.2+dfsg-5 MIGRATED to testing (Debian testing watch)
[2025-10-27] Accepted qt6-declarative 6.9.2+dfsg-5 (source) into unstable (Patrick Franz)
[2025-10-07] qt6-declarative 6.9.2+dfsg-4 MIGRATED to testing (Debian testing watch)
[2025-10-01] Accepted qt6-declarative 6.9.2+dfsg-4 (source) into unstable (Pino Toscano)
[2025-10-01] qt6-declarative 6.9.2+dfsg-3 MIGRATED to testing (Debian testing watch)
[2025-09-23] Accepted qt6-declarative 6.9.2+dfsg-3 (source) into unstable (Patrick Franz)
[2025-09-22] Accepted qt6-declarative 6.9.2+dfsg-2 (source) into unstable (Patrick Franz)
[2025-09-07] Accepted qt6-declarative 6.9.2+dfsg-1 (source) into experimental (Patrick Franz)
[2025-08-25] Accepted qt6-declarative 6.9.1+dfsg-2 (source) into experimental (Patrick Franz)
[2025-07-19] Accepted qt6-declarative 6.9.1+dfsg-1 (source) into experimental (Patrick Franz)
[2025-04-03] qt6-declarative 6.8.2+dfsg-7 MIGRATED to testing (Debian testing watch)
[2025-03-29] Accepted qt6-declarative 6.8.2+dfsg-7 (source) into unstable (Pino Toscano)
[2025-03-14] qt6-declarative 6.8.2+dfsg-6 MIGRATED to testing (Debian testing watch)
[2025-03-01] Accepted qt6-declarative 6.8.2+dfsg-6 (source) into unstable (Patrick Franz)
[2025-02-20] Accepted qt6-declarative 6.8.2+dfsg-5 (source) into experimental (Patrick Franz)
[2025-02-17] Accepted qt6-declarative 6.8.2+dfsg-4 (source) into experimental (Patrick Franz)
[2025-02-13] Accepted qt6-declarative 6.8.2+dfsg-3 (source) into experimental (Patrick Franz)
[2025-02-10] Accepted qt6-declarative 6.8.2+dfsg-2 (source) into experimental (Patrick Franz)
[2025-02-08] Accepted qt6-declarative 6.8.2+dfsg-1 (source amd64) into experimental (Debian FTP Masters) (signed by: Patrick Franz)
[2024-11-09] qt6-declarative 6.7.2+dfsg-11 MIGRATED to testing (Debian testing watch)
[2024-11-04] Accepted qt6-declarative 6.7.2+dfsg-11 (source) into unstable (Sandro Knauß)
[2024-11-04] qt6-declarative 6.7.2+dfsg-10 MIGRATED to testing (Debian testing watch)
[2024-10-29] Accepted qt6-declarative 6.7.2+dfsg-10 (source) into unstable (Patrick Franz)

bugs [bug history graph]

all: 4
RC: 0
I&N: 3
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 5)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.10.2+dfsg-3
2 bugs