FS#38081 - [qt4/qt5] security patch for CVE-2013-4549

Attached to Project: Arch Linux
Opened by RbN (RbN) - Monday, 09 December 2013, 19:29 GMT
Last edited by Andrea Scarpino (BaSh) - Wednesday, 11 December 2013, 15:33 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Andrea Scarpino (BaSh)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
From Qt Project Security Advisory [0]:
"QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal
entities in XML documents without placing restrictions to ensure the document
does not cause excessive memory usage. If an application using this API
processes untrusted data then the application may use unexpected amounts of
memory if a malicious document is processed."

Patch:
for qt4: [1]
for qt5 5.1: [2]

Resources:
[0] http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
[1] https://codereview.qt-project.org/#change,71010
[2] https://codereview.qt-project.org/#change,71368
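
The advisory quoted above describes internal entity expansion with no size restriction. The following is an added example, not code from the Qt patches or from the Arch packages: a standalone C++ pre-check that computes how large a document's internal entities would become without expanding them, so oversized input can be rejected before parsing. The class name ExpansionEstimator, the constant kSampleDtd and the limit values are hypothetical, and only double-quoted internal general entities are handled.

```cpp
#include <map>
#include <regex>
#include <set>
#include <string>

// Constructed sample: three nested internal entities (10, 100, 1000 characters).
const std::string kSampleDtd = R"x(<!DOCTYPE r [
  <!ENTITY a "0123456789">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>)x";

// Hypothetical helper: sizes the result of entity expansion without building it.
class ExpansionEstimator {
public:
    ExpansionEstimator(const std::string& dtd, std::size_t limit) : limit_(limit) {
        static const std::regex decl(R"re(<!ENTITY\s+([A-Za-z_][\w.-]*)\s+"([^"]*)"\s*>)re");
        for (std::sregex_iterator it(dtd.begin(), dtd.end(), decl), end; it != end; ++it)
            entities_.emplace((*it)[1].str(), (*it)[2].str());
    }
    // Expanded length of `text`, saturating at limit + 1.
    std::size_t length(const std::string& text) {
        static const std::regex ref(R"(&([A-Za-z_][\w.-]*);)");
        std::size_t total = 0, pos = 0;
        for (std::sregex_iterator it(text.begin(), text.end(), ref), end; it != end; ++it) {
            const std::size_t start = static_cast<std::size_t>(it->position());
            const std::size_t raw = static_cast<std::size_t>(it->length());
            total += (start - pos) + entityLength((*it)[1].str(), raw);
            pos = start + raw;
            if (total > limit_) return limit_ + 1;
        }
        total += text.size() - pos;
        return total > limit_ ? limit_ + 1 : total;
    }
    bool allowed(const std::string& body) { return length(body) <= limit_; }
private:
    std::size_t entityLength(const std::string& name, std::size_t raw) {
        auto decl = entities_.find(name);
        if (decl == entities_.end()) return raw;              // undeclared: count as written
        auto seen = memo_.find(name);
        if (seen != memo_.end()) return seen->second;         // each entity is sized once
        if (!active_.insert(name).second) return limit_ + 1;  // recursive declaration: reject
        const std::size_t n = length(decl->second);
        active_.erase(name);
        return memo_[name] = n;
    }
    std::map<std::string, std::string> entities_;
    std::map<std::string, std::size_t> memo_;
    std::set<std::string> active_; std::size_t limit_;
};
```

Because each entity is sized once and the running total saturates, the check stays cheap even when the declared expansion would be very large.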

Closed by: Andrea Scarpino (BaSh)
Wednesday, 11 December 2013, 15:33 GMT
Reason for closing: Fixed
Additional comments about closing:
qt4 4.8.5-7
qt5-base 5.1.1-6
qt5-base 5.2.0rc1-2
