FS#38081 - [qt4/qt5] security patch for CVE-2013-4549
Attached to Project:
Arch Linux
Opened by RbN (RbN) - Monday, 09 December 2013, 19:29 GMT
Last edited by Andrea Scarpino (BaSh) - Wednesday, 11 December 2013, 15:33 GMT
Opened by RbN (RbN) - Monday, 09 December 2013, 19:29 GMT
Last edited by Andrea Scarpino (BaSh) - Wednesday, 11 December 2013, 15:33 GMT
|
Details
Description:
from Qt Project Security Advisory [0] "QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed." Patch : for qt4 : [1] for qt5 5.1 : [2] Ressources : [0] http://lists.qt-project.org/pipermail/announce/2013-December/000036.html [1] https://codereview.qt-project.org/#change,71010 [2] https://codereview.qt-project.org/#change,71368 |
This task depends upon
Closed by Andrea Scarpino (BaSh)
Wednesday, 11 December 2013, 15:33 GMT
Reason for closing: Fixed
Additional comments about closing: qt4 4.8.5-7
qt5-base 5.1.1-6
qt5-base 5.2.0rc1-2
Wednesday, 11 December 2013, 15:33 GMT
Reason for closing: Fixed
Additional comments about closing: qt4 4.8.5-7
qt5-base 5.1.1-6
qt5-base 5.2.0rc1-2