From: Raspbian automatic forward porter <root@raspbian.org>
Date: Sun, 30 Jun 2024 13:09:59 +0000 (+0100)
Subject: Merge version 5.15.2+dfsg-9+rpi1 and 5.15.2+dfsg-9+deb11u1 to produce 5.15.2+dfsg... 
X-Git-Tag: archive/raspbian/5.15.2+dfsg-9+rpi1+deb11u1^0
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=b07f87aa797394beeb23410ae5b9a1b3d429980c;p=qtbase-opensource-src.git

Merge version 5.15.2+dfsg-9+rpi1 and 5.15.2+dfsg-9+deb11u1 to produce 5.15.2+dfsg-9+rpi1+deb11u1
---

b07f87aa797394beeb23410ae5b9a1b3d429980c
diff --cc debian/changelog
index ec09f4f85,dc6637066..85c959e84
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,12 -1,32 +1,42 @@@
- qtbase-opensource-src (5.15.2+dfsg-9+rpi1) bullseye-staging; urgency=medium
++qtbase-opensource-src (5.15.2+dfsg-9+rpi1+deb11u1) bullseye-staging; urgency=medium
 +
 +  [changes introduced in 5.6.1+dfsg-2+rpi1] by Peter Michael Green]
 +  * Partially fix clean target.
 +
 +  [changes introduced in 5.9.1+dfsg-9+rpi1 by Peter Michael Green]
 +  * Disable neon (-no-neon no longer seems to work, so edit configure.json instead)
 +
-  -- Raspbian forward porter <root@raspbian.org>  Thu, 15 Jul 2021 22:18:33 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Sun, 30 Jun 2024 13:09:59 +0000
++
+ qtbase-opensource-src (5.15.2+dfsg-9+deb11u1) bullseye; urgency=medium
+ 
+   * Non-maintainer upload by the LTS Team.
+   * CVE-2024-25580 (Closes: #1064053)
+     fix buffer overflow due to crafted KTX image file
+   * CVE-2023-32763 (Closes: #1036702)
+     fix QTextLayout buffer overflow due to crafted SVG file
+   * CVE-2022-25255
+     prevent QProcess from execution of a binary from the current working
+     directory when not found in the PATH
+   * CVE-2023-24607 (Closes: #1031872)
+     fix denial of service via a crafted string when the SQL ODBC driver
+     plugin is used
+   * fix regression caused by patch for CVE-2023-24607
+   * CVE-2023-32762
+     prevent incorrect parsing of the strict-transport-security (HSTS) header
+   * CVE-2023-51714 (Closes: #1060694)
+     fix incorrect HPack integer overflow check.
+   * CVE-2023-38197 (Closes: #1041105)
+     fix infinite loop in recursive entity expansion
+   * CVE-2023-37369 (Closes: #1059302)
+     fix crash of application in QXmlStreamReader due to crafted XML string
+   * CVE-2023-34410 (Closes: #1037210)
+     fix checking during TLS whether root of the chain really is a
+     configured CA certificate
+   * CVE-2023-33285 (Closes: #1036848)
+     fix buffer overflow in QDnsLookup
+ 
+  -- Thorsten Alteholz <debian@alteholz.de>  Sun, 28 Apr 2024 22:48:02 +0200
  
  qtbase-opensource-src (5.15.2+dfsg-9) unstable; urgency=medium