Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#38081 - [qt4/qt5] security patch for CVE-2013-4549
Attached to Project:
Arch Linux
Opened by RbN (RbN) - Monday, 09 December 2013, 19:29 GMT
Last edited by Andrea Scarpino (BaSh) - Wednesday, 11 December 2013, 15:33 GMT
Details

Description:
From the Qt Project Security Advisory [0]:

"QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed."

Patch:
for qt4: [1]
for qt5 5.1: [2]

Resources:
[0] http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
[1] https://codereview.qt-project.org/#change,71010
[2] https://codereview.qt-project.org/#change,71368
Closed by Andrea Scarpino (BaSh)
Wednesday, 11 December 2013, 15:33 GMT
Reason for closing: Fixed
Additional comments about closing: qt4 4.8.5-7
qt5-base 5.1.1-6
qt5-base 5.2.0rc1-2
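
As an added illustration (not code from this ticket, the advisory, or the linked Qt patches), the following standalone C++ shows the kind of restriction the advisory says was missing: it measures how large a document's internal entities would become after expansion and refuses anything over a limit, without ever building the expanded text. The names `ExpansionChecker`, `expandedLength` and `sampleEntities`, the entity-map input and the 4096-character limit used with it are assumptions made for this example.

```cpp
#include <map>
#include <set>
#include <string>

using EntityMap = std::map<std::string, std::string>;  // name -> replacement text

struct ExpansionChecker {
    const EntityMap& entities;
    long long limit;                        // max characters after expansion
    std::map<std::string, long long> memo;  // entity name -> expanded length
    std::set<std::string> active;           // entities currently being expanded

    // Expanded length of text; -1 if over limit, recursive, or undeclared entity.
    long long length(const std::string& text) {
        long long total = 0;
        for (std::size_t i = 0; i < text.size();) {
            std::size_t semi = text[i] == '&' ? text.find(';', i) : std::string::npos;
            if (semi == std::string::npos) { ++total; ++i; }
            else {
                long long n = entityLength(text.substr(i + 1, semi - i - 1));
                if (n < 0) return -1;
                total += n;
                i = semi + 1;
            }
            if (total > limit) return -1;
        }
        return total;
    }

    long long entityLength(const std::string& name) {
        static const std::set<std::string> predefined{"lt", "gt", "amp", "apos", "quot"};
        if (name.empty()) return -1;
        if (name[0] == '#' || predefined.count(name)) return 1;  // char ref / built-in
        auto cached = memo.find(name);
        if (cached != memo.end()) return cached->second;  // each entity measured once
        auto decl = entities.find(name);
        if (decl == entities.end() || !active.insert(name).second) return -1;
        long long n = length(decl->second);
        active.erase(name);
        return memo[name] = n;
    }
};

// Constructed sample: four nested levels, 10 references each (10^4 characters).
EntityMap sampleEntities() {
    auto rep = [](const std::string& s) { std::string r; for (int i = 0; i < 10; ++i) r += s; return r; };
    return {{"a", rep("x")}, {"b", rep("&a;")}, {"c", rep("&b;")}, {"d", rep("&c;")}};
}

long long expandedLength(const std::string& body, const EntityMap& e, long long limit) {
    return ExpansionChecker{e, limit, {}, {}}.length(body);
}
```

Because each entity is measured once and the running total is checked after every step, the check itself stays cheap even when the declared entities would expand to an enormous size.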