Bug 954261 (CVE-2025-3512) - <dev-qt/qtbase-6.8.3-r1: heap-buffer-overflow issue in QTextMarkdownImporter (CVE-2025-3512)
Status: CONFIRMED
Alias: CVE-2025-3512
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.qt.io/blog/security-advis...
Whiteboard: A2 [stable]
Keywords:
Depends on: qt-6.8.3-stable
Blocks:
Reported: 2025-04-23 12:20 UTC by Ionen Wolkens
Modified: 2025-04-25 13:40 UTC

See Also:
Package list:
Runtime testing required: ---


Description Ionen Wolkens gentoo-dev 2025-04-23 12:20:21 UTC
<qtbase-6.8.0 (incl. Qt5), and qtbase-6.9.0 are not affected, but 6.9.0 is masked and not a stable candidate, so 6.8.3-r1 is patched instead.

Given Qt 6.8.3 is still in the middle of stabilization (bug #953873), and that I'd rather not split stabling a new revbump in another bug, I went ahead and did 6.8.3-r1 by keeping the current stable keywords while hoping the patch won't regress anything.

Still need bug #953873 to be done to stabilize on the remaining arches, then clean up 6.8.2+6.8.3-r0 though.