Bug 954261 (CVE-2025-3512) - <dev-qt/qtbase-6.8.3-r1: heap-buffer-overflow issue in QTextMarkdownImporter (CVE-2025-3512)
Summary: <dev-qt/qtbase-6.8.3-r1: heap-buffer-overflow issue in QTextMarkdownImporter ...
Status: RESOLVED FIXED
Alias: CVE-2025-3512
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://www.qt.io/blog/security-advis...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: qt-6.8.3-stable
Blocks:
Reported: 2025-04-23 12:20 UTC by Ionen Wolkens
Modified: 2025-06-12 07:37 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Ionen Wolkens gentoo-dev 2025-04-23 12:20:21 UTC
<qtbase-6.8.0 (incl. Qt5), and qtbase-6.9.0 are not affected, but 6.9.0 is masked and not a stable candidate, so 6.8.3-r1 is patched instead.

Given Qt 6.8.3 is still in the middle of stabilization (bug #953873), and that I'd rather not split stabling a new revbump into another bug, I went ahead and did 6.8.3-r1 by keeping current stable keywords while hoping the patch won't regress anything.

Still need bug #953873 to be done to stabilize on the remaining arches, then clean up 6.8.2+6.8.3-r0 though.
Comment 1 Larry the Git Cow gentoo-dev 2025-06-09 08:07:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=907684acbc69be25dcd41054cd89548573956ee3

commit 907684acbc69be25dcd41054cd89548573956ee3
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2025-06-09 07:09:51 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2025-06-09 08:04:41 +0000

    dev-qt/qtbase: drop vulnerable 6.8.2-r2
    
    Bug: https://bugs.gentoo.org/954261
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 dev-qt/qtbase/Manifest                             |   1 -
 .../qtbase/files/qtbase-6.8.2-QTBUG-133500.patch   |  58 ----
 .../qtbase/files/qtbase-6.8.2-QTBUG-133808.patch   |  12 -
 dev-qt/qtbase/qtbase-6.8.2-r2.ebuild               | 382 ---------------------
 4 files changed, 453 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2025-06-12 07:36:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=29a5b16cc4c50389b3712f7d011fe04c7a771814

commit 29a5b16cc4c50389b3712f7d011fe04c7a771814
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2025-06-12 07:35:56 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2025-06-12 07:36:23 +0000

    [ GLSA 202506-06 ] Qt: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/924647
    Bug: https://bugs.gentoo.org/931096
    Bug: https://bugs.gentoo.org/935869
    Bug: https://bugs.gentoo.org/954261
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202506-06.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)