qt6-declarative - Debian Package Tracker

general

source: qt6-declarative (main)
version: 6.10.2+dfsg-5
maintainer: Debian Qt/KDE Maintainers (archive) (DMD)
uploaders: Patrick Franz [DMD]
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 6.4.2+dfsg-1
stable: 6.8.2+dfsg-7
testing: 6.10.2+dfsg-4
unstable: 6.10.2+dfsg-5

versioned links

6.4.2+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.8.2+dfsg-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.10.2+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.10.2+dfsg-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libqt6labsplatform6
libqt6labssynchronizer6
libqt6qml6
libqt6qmlcompiler6
libqt6qmlmeta6
libqt6qmlmodels6
libqt6qmlnetwork6
libqt6qmlworkerscript6
libqt6quick6
libqt6quickcontrols2-6
libqt6quickshapes6
libqt6quickshapesdesignhelpers6
libqt6quicktemplates2-6
libqt6quicktest6
libqt6quickvectorimage6
libqt6quickvectorimagegenerator6
libqt6quickvectorimagehelpers6
libqt6quickwidgets6
qml-qt6
qml6-module-qml
qml6-module-qmltime
qml6-module-qt-labs-animation
qml6-module-qt-labs-assetdownloader
qml6-module-qt-labs-folderlistmodel
qml6-module-qt-labs-platform
qml6-module-qt-labs-qmlmodels
qml6-module-qt-labs-settings
qml6-module-qt-labs-sharedimage
qml6-module-qt-labs-synchronizer
qml6-module-qt-labs-wavefrontmesh
qml6-module-qtcore
qml6-module-qtnetwork
qml6-module-qtqml
qml6-module-qtqml-models
qml6-module-qtqml-workerscript
qml6-module-qtqml-xmllistmodel
qml6-module-qtquick (1 bugs: 0, 1, 0, 0)
qml6-module-qtquick-controls
qml6-module-qtquick-dialogs
qml6-module-qtquick-effects
qml6-module-qtquick-layouts
qml6-module-qtquick-localstorage
qml6-module-qtquick-particles
qml6-module-qtquick-shapes
qml6-module-qtquick-shapes-designhelpers
qml6-module-qtquick-templates
qml6-module-qtquick-tooling
qml6-module-qtquick-vectorimage
qml6-module-qtquick-vectorimage-helpers
qml6-module-qtquick-window
qml6-module-qttest
qmlscene-qt6
qt6-declarative-dev (2 bugs: 0, 1, 1, 0)
qt6-declarative-dev-tools
qt6-declarative-doc
qt6-declarative-doc-dev
qt6-declarative-doc-html
qt6-declarative-examples
qt6-declarative-private-dev
qt6-qmllint-plugins
qt6-qmlls-plugins
qt6-qmltooling-plugins

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In watch file debian/watch, reading webpage
  https://download.qt.io/archive/qt/ failed: 500 read timeout

Created: 2026-05-31 Last update: 2026-06-02 01:02

2 security issues in trixie high

There are 2 open security issues in trixie.

1 important issue:

CVE-2025-14576: Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.

1 issue left for the package maintainer to handle:

CVE-2025-12385: (needs triaging) Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-05 Last update: 2026-05-31 06:02

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-12385: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Created: 2025-12-05 Last update: 2026-05-31 06:02

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-12385: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Created: 2025-12-05 Last update: 2026-05-31 06:02

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2025-14576: Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.

1 issue left for the package maintainer to handle:

CVE-2025-12385: (needs triaging) Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-05 Last update: 2026-05-31 06:02

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2024-11-11 Last update: 2026-06-02 00:00

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-05-31 Last update: 2026-05-31 15:01

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2025-10-16 04:33

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 6.10.2+dfsg-5 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2026-03-20 Last update: 2026-05-31 17:17

testing migrations

excuses:
- Migration status for qt6-declarative (6.10.2+dfsg-4 to 6.10.2+dfsg-5): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Autopkgtest for actiona/3.11.1-3.1: amd64: Pass, arm64: Pass, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for clazy/1.17.1-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for lomiri-content-hub/2.2.3-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for mediascanner2/0.200-3: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for plasma-activities/6.6.5-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for pyotherside/1.6.2-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for pyqt6/6.11.0-1: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻ (reference ♻), i386: No tests, superficial or marked flaky ♻ (reference ♻), loong64: Test triggered, ppc64el: No tests, superficial or marked flaky ♻ (reference ♻), riscv64: Test triggered, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for pyside6/6.10.3-2: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻ (reference ♻), i386: No tests, superficial or marked flaky ♻ (reference ♻), loong64: Test triggered, ppc64el: No tests, superficial or marked flaky ♻ (reference ♻), riscv64: Test triggered, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for qbs/3.2.0-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for qlcplus/4.14.4-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for riseup-vpn/0.25.8+ds3-4: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for snapd-glib/1.70-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Pass
- ∙ ∙ Autopkgtest for texworks/0.6.11+ds-2: amd64: Pass, arm64: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Autopkgtest for uranium/5.0.0-9: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻ (reference ♻), i386: No tests, superficial or marked flaky ♻ (reference ♻), loong64: Test triggered, ppc64el: No tests, superficial or marked flaky ♻ (reference ♻), riscv64: Test triggered, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Too young, only 2 of 5 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/q/qt6-declarative.html
- ∙ ∙ Not reproduced on amd64 (not a regression): qt6-declarative-dev, qt6-declarative-examples
- ∙ ∙ Not reproduced on arm64 (not a regression): qt6-declarative-dev, qt6-declarative-examples
- ∙ ∙ Not reproduced on armhf (not a regression): qt6-declarative-dev
- ∙ ∙ Not reproduced on i386 (not a regression): qt6-declarative-dev
- Not considered

news

[rss feed]

[2026-05-30] Accepted qt6-declarative 6.10.2+dfsg-5 (source) into unstable (Patrick Franz)
[2026-04-03] qt6-declarative 6.10.2+dfsg-4 MIGRATED to testing (Debian testing watch)
[2026-03-19] Accepted qt6-declarative 6.10.2+dfsg-4 (source) into unstable (Patrick Franz)
[2026-03-12] qt6-declarative 6.9.2+dfsg-6 MIGRATED to testing (Debian testing watch)
[2026-03-05] Accepted qt6-declarative 6.9.2+dfsg-6 (source) into unstable (Patrick Franz)
[2026-02-20] Accepted qt6-declarative 6.10.2+dfsg-3 (source) into experimental (Patrick Franz)
[2026-02-08] Accepted qt6-declarative 6.10.2+dfsg-2 (source) into experimental (Patrick Franz)
[2026-02-07] Accepted qt6-declarative 6.10.2+dfsg-1 (source amd64) into experimental (Debian FTP Masters) (signed by: Patrick Franz)
[2025-11-02] qt6-declarative 6.9.2+dfsg-5 MIGRATED to testing (Debian testing watch)
[2025-10-27] Accepted qt6-declarative 6.9.2+dfsg-5 (source) into unstable (Patrick Franz)
[2025-10-07] qt6-declarative 6.9.2+dfsg-4 MIGRATED to testing (Debian testing watch)
[2025-10-01] Accepted qt6-declarative 6.9.2+dfsg-4 (source) into unstable (Pino Toscano)
[2025-10-01] qt6-declarative 6.9.2+dfsg-3 MIGRATED to testing (Debian testing watch)
[2025-09-23] Accepted qt6-declarative 6.9.2+dfsg-3 (source) into unstable (Patrick Franz)
[2025-09-22] Accepted qt6-declarative 6.9.2+dfsg-2 (source) into unstable (Patrick Franz)
[2025-09-07] Accepted qt6-declarative 6.9.2+dfsg-1 (source) into experimental (Patrick Franz)
[2025-08-25] Accepted qt6-declarative 6.9.1+dfsg-2 (source) into experimental (Patrick Franz)
[2025-07-19] Accepted qt6-declarative 6.9.1+dfsg-1 (source) into experimental (Patrick Franz)
[2025-04-03] qt6-declarative 6.8.2+dfsg-7 MIGRATED to testing (Debian testing watch)
[2025-03-29] Accepted qt6-declarative 6.8.2+dfsg-7 (source) into unstable (Pino Toscano)
[2025-03-14] qt6-declarative 6.8.2+dfsg-6 MIGRATED to testing (Debian testing watch)
[2025-03-01] Accepted qt6-declarative 6.8.2+dfsg-6 (source) into unstable (Patrick Franz)
[2025-02-20] Accepted qt6-declarative 6.8.2+dfsg-5 (source) into experimental (Patrick Franz)
[2025-02-17] Accepted qt6-declarative 6.8.2+dfsg-4 (source) into experimental (Patrick Franz)
[2025-02-13] Accepted qt6-declarative 6.8.2+dfsg-3 (source) into experimental (Patrick Franz)
[2025-02-10] Accepted qt6-declarative 6.8.2+dfsg-2 (source) into experimental (Patrick Franz)
[2025-02-08] Accepted qt6-declarative 6.8.2+dfsg-1 (source amd64) into experimental (Debian FTP Masters) (signed by: Patrick Franz)
[2024-11-09] qt6-declarative 6.7.2+dfsg-11 MIGRATED to testing (Debian testing watch)
[2024-11-04] Accepted qt6-declarative 6.7.2+dfsg-11 (source) into unstable (Sandro Knauß)
[2024-11-04] qt6-declarative 6.7.2+dfsg-10 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 4
RC: 0
I&N: 3
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 5)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.10.2+dfsg-3
2 bugs