Two CVEs in qtbase-opensource-src

Moritz Mühlenhoff jmm at inutil.org
Thu Jan 30 15:36:56 GMT 2020


On Thu, Jan 30, 2020 at 12:19:31PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> Hi!
> 
> On Thu, 30 Jan 2020 at 11:44, Moritz Mühlenhoff <jmm at inutil.org> wrote:
> >
> > On Thu, Jan 30, 2020 at 11:25:02AM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> > > Hi! Two security bugs were found in qtbase-opensource-src:
> > >
> > > https://lists.qt-project.org/pipermail/development/2020-January/038521.html
> >
> > > Please note that the attached debdiff is made against the current version in
> > > buster p-u, already accepted by SRM.
> >
> > Hi Lisandro,
> > debdiff looks good, please upload to security-master!
> 
> Do I need to do a binary upload or source only is enough? (apart from
> including the source in the upload, first security upload if I'm not
> mistaken).

Ack, source uploads are fine for stretch (for the first upload to a security
suite -sa is needed, but that already happened for 5.7.1+dfsg-3+deb9u1)

> > Stretch is still supported for another ~ half year, could you also prepare
> > a stretch-security update for CVE-2020-0569?
> 
> Sure. I'll also see to prepare a qt4-x11 upload too. I might even do
> an unstable one...

Let's not waste time on an additional sid upload for Qt4, the big RM hammer
is coming in a month anyway :-)

Cheers,
        Moritz



More information about the pkg-kde-talk mailing list