Debian Bug report logs - #626845
pu: package qt4-x11/4:4.6.3-4+squeeze1

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Modestas Vainius <modax@debian.org>

Date: Sun, 15 May 2011 20:27:02 UTC

Severity: normal

Tags: confirmed, squeeze

Fixed in version 6.0.2

Done: Adam D. Barratt <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, debian-qt-kde@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#626845; Package release.debian.org. (Sun, 15 May 2011 20:27:04 GMT)

Acknowledgement sent to Modestas Vainius <modax@debian.org>:
New Bug report received and forwarded. Copy sent to debian-qt-kde@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>. (Sun, 15 May 2011 20:27:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Modestas Vainius <modax@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pu: package qt4-x11/4:4.6.3-4+squeeze1
Date: Sun, 15 May 2011 23:21:53 +0300
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hello,

[ Disclaimer: I've already asked security team about this upload and they told
me to do it via s-p-u ]

This upload would fix 2 security issues. Change-by-change details are below
while full diff is attached.

* Blacklist a set of fraudulent ssl certificates; to perform this
  blacklisting we need these patches:
  - blacklist_fraudulent_comodo_certificates.diff
  - ssl_certificate_large_sn.diff

  http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commit;h=f8f083cf53ff

* Fix CVE-2010-3170 (browser wildcard certificate validation weakness) with
  cve_2010_3170_ssl_certificates_wildcard.diff. This problem affects the Arora
  web browser.

  http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commit;h=ca7ca43a374c

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
[qt4-x11_4.6.3-4+squeeze1.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#626845; Package release.debian.org. (Mon, 16 May 2011 20:51:06 GMT)

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 16 May 2011 20:51:06 GMT)

Message #10 received at 626845@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Modestas Vainius <modax@debian.org>, 626845@bugs.debian.org
Subject: Re: Bug#626845: pu: package qt4-x11/4:4.6.3-4+squeeze1
Date: Mon, 16 May 2011 21:47:02 +0100
tag 626845 + squeeze confirmed
thanks

On Sun, 2011-05-15 at 23:21 +0300, Modestas Vainius wrote:
> * Blacklist a set of fraudulent ssl certificates; to perform this
>   blacklisting we need these patches:
>   - blacklist_fraudulent_comodo_certificates.diff
>   - ssl_certificate_large_sn.diff
> 
>   http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commit;h=f8f083cf53ff
> 
> * Fix CVE-2010-3170 (browser wildcard certificate validation weakness) with
>   cve_2010_3170_ssl_certificates_wildcard.diff. This problem affects the Arora
>   web browser.
> 
>   http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commit;h=ca7ca43a374c

With the addition of fixing the distribution in the changelog, please go
ahead.

Regards,

Adam

Added tag(s) squeeze and confirmed. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Mon, 16 May 2011 20:51:08 GMT)

Added tag(s) pending. Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Tue, 31 May 2011 20:27:03 GMT)

Bug marked as fixed in version 6.0.2, send any further explanations to Modestas Vainius <modax@debian.org> Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sun, 26 Jun 2011 15:03:25 GMT)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jul 2011 07:38:00 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 12:23:04 2014; Machine Name: buxtehude.debian.org