Univention Bugzilla – Bug 33269
qt4-x11: Multiple security issues (3.2)
Last modified: 2015-09-23 13:11:58 CEST
+++ This bug was initially created as a clone of Bug #29134 +++
Buffer overflow in Harfbuzz extension (CVE-2011-3193)
Buffer overflow in processing greyscale images (CVE-2011-3194)
Access to shared memory segments was insufficiently restricted, allowing local users to manipulate memory (CVE-2013-0254)
Denial of service due to unlimited expansion of XML external attributes in the XML parser (CVE-2013-4549)
Denial of service in processing malformed GIF images (CVE-2014-0190)
Denial of service vulnerability in BMP images handler (CVE-2015-0295)
Segmentation fault and potential remote code execution in Qt BMP handler (CVE-2015-1858)
Segmentation fault and potential remote code execution in Qt ICO handler (CVE-2015-1859)
Segmentation fault and potential remote code execution in Qt GIF handler (CVE-2015-1860)
Fixed in upstream Debian package version 4:4.6.3-4+squeeze3:
CVE-2011-3193
CVE-2011-3194
CVE-2013-0254
CVE-2015-0295
CVE-2015-1858
CVE-2015-1859
CVE-2015-1860
The other issues above have been classified as "Minor issue" in Debian.
4:4.6.3-4+squeeze3 was imported and built to scope errata3.2-7.
YAML (r63510): 2015-09-08-qt4-x11.yaml
Created attachment 7164: amd64_Packages.diff
We always need to check that the packages are installable from amd64. In this case they probably weren't due to Bug 39262, see attachment above.
Advisory: OK
Tests (amd64, i386): OK
<http://errata.software-univention.de/ucs/3.2/369.html>