unpushed

FEDORA-2024-7424b57c59

FEDORA-2024-7424b57c59 created by jgrulich 4 months ago for Fedora 38

Fix CVE-2024-25580: potential buffer overflow when reading KTX images.

This update has been submitted for testing by jgrulich.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'failed'.

4 months ago
adamwill commented & provided feedback 4 months ago

This seems to have dependency issues:

Problem 1: package qt5-qtdeclarative-5.15.11-2.fc38.x86_64 from @System requires qt5-qtbase(x86-64) = 5.15.11, but none of the providers can be installed
  - cannot install both qt5-qtbase-5.15.12-5.fc38.x86_64 from advisory and qt5-qtbase-5.15.11-7.fc38.x86_64 from @System
  - cannot install both qt5-qtbase-5.15.11-7.fc38.x86_64 from updates and qt5-qtbase-5.15.12-5.fc38.x86_64 from advisory
  - cannot install the best update candidate for package qt5-qtdeclarative-5.15.11-2.fc38.x86_64
  - cannot install the best update candidate for package qt5-qtbase-5.15.11-7.fc38.x86_64
 Problem 2: package qt5-qtxmlpatterns-5.15.11-1.fc38.x86_64 from @System requires qt5-qtbase(x86-64) = 5.15.11, but none of the providers can be installed
  - package qt5-qtbase-5.15.11-7.fc38.x86_64 from @System requires qt5-qtbase-common = 5.15.11-7.fc38, but none of the providers can be installed
  - package qt5-qtbase-5.15.11-7.fc38.x86_64 from updates requires qt5-qtbase-common = 5.15.11-7.fc38, but none of the providers can be installed
  - cannot install both qt5-qtbase-common-5.15.12-5.fc38.noarch from advisory and qt5-qtbase-common-5.15.11-7.fc38.noarch from @System
  - cannot install both qt5-qtbase-common-5.15.11-7.fc38.noarch from updates and qt5-qtbase-common-5.15.12-5.fc38.noarch from advisory
  - cannot install the best update candidate for package qt5-qtxmlpatterns-5.15.11-1.fc38.x86_64
  - cannot install the best update candidate for package qt5-qtbase-common-5.15.11-7.fc38.noarch
 Problem 3: package qt5-qtx11extras-5.15.11-1.fc38.x86_64 from @System requires qt5-qtbase(x86-64) = 5.15.11, but none of the providers can be installed
  - cannot install both qt5-qtbase-5.15.12-5.fc38.x86_64 from advisory and qt5-qtbase-5.15.11-7.fc38.x86_64 from @System
  - cannot install both qt5-qtbase-5.15.11-7.fc38.x86_64 from updates and qt5-qtbase-5.15.12-5.fc38.x86_64 from advisory
  - package qt5-qtbase-gui-5.15.12-5.fc38.x86_64 from advisory requires qt5-qtbase(x86-64) = 5.15.12-5.fc38, but none of the providers can be installed
  - cannot install the best update candidate for package qt5-qtx11extras-5.15.11-1.fc38.x86_64
  - cannot install the best update candidate for package qt5-qtbase-gui-5.15.11-7.fc38.x86_64
 Problem 4: package qt5-qtwebview-5.15.11-1.fc38.x86_64 from @System requires qt5-qtbase(x86-64) = 5.15.11, but none of the providers can be installed
  - cannot install both qt5-qtbase-5.15.12-5.fc38.x86_64 from advisory and qt5-qtbase-5.15.11-7.fc38.x86_64 from @System
  - cannot install both qt5-qtbase-5.15.11-7.fc38.x86_64 from updates and qt5-qtbase-5.15.12-5.fc38.x86_64 from advisory
  - package qt5-qtbase-mysql-5.15.12-5.fc38.x86_64 from advisory requires qt5-qtbase(x86-64) = 5.15.12-5.fc38, but none of the providers can be installed
  - cannot install the best update candidate for package qt5-qtwebview-5.15.11-1.fc38.x86_64
  - cannot install the best update candidate for package qt5-qtbase-mysql-5.15.11-7.fc38.x86_64

It seems qt5-qtbase-5.15.11-7.fc38 is the current stable for F38, so this is actually a version bump, which perhaps is inappropriate? Should the CVE fix instead be backported to 5.15.11? For F39, there was a megaupdate to bump to 5.15.12, but that did not happen for F38.

This update has been pushed to testing.

4 months ago

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

4 months ago

This update has been unpushed.



Metadata
Type: security
Severity: medium
Karma: -1
Signed
Test Gating
Builds
0
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 4 months ago
in testing: 4 months ago
BZ#2264424 TRIAGE CVE-2024-25580 qt5-qtbase: qtbase: potential buffer overflow when reading KTX images [fedora-all]

Automated Test Results