RedHat has issued an advisory on April 30: https://lwn.net/Articles/971686/
CVE: (none) => CVE-2023-51714, CVE-2024-25580
Source RPM: (none) => qtbase5, qtbase6
Whiteboard: (none) => MGA9TOO
RedHat: An update for qt5-qtbase is now available
* qt: incorrect integer overflow check (CVE-2023-51714)
* qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580)
For more details about the security issue(s) ... refer to the CVE page(s) listed in the References section.
which I do not see. This must be the case for other RedHat advisories where I complain about no sign of the issued fix.
Note this is for *both* qt5 & qt6.
Assigning globally because different packagers deal with these.
Assignee: bugsquad => pkg-bugs
For Qt6 in Cauldron:
- CVE-2023-51714 was fixed since Qt 6.6.2 that we have
- CVE-2024-25580 was fixed since Qt 6.6.2 that we have
So Qt5 and Qt6 for mga9 should still be fixed and only Qt5 for Cauldron should still be fixed!
CC: (none) => geiger.david68210
Fedora has issued an advisory on July 11: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVCBTKX6LVBTP6UEJQZ2PENI2KATSRJK/
CVE: CVE-2023-51714, CVE-2024-25580 => CVE-2023-51714, CVE-2024-25580, CVE-2024-39936
Summary: qtbase5, qtbase6 new security issues CVE-2023-51714 and CVE-2024-25580 => qtbase5, qtbase6 new security issues CVE-2023-51714, CVE-2024-25580 and CVE-2024-39936
For CVE-2024-39936, the fix is: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=b1e75376cc3adfc7da5502a277dfe9711f3e0536