Univention Bugzilla – Bug 48593
qtbase-opensource-src: Multiple issues (4.3)
Last modified: 2019-02-06 12:35:53 CET
New Debian qtbase-opensource-src 5.7.1+dfsg-3+deb9u1 fixes:

This update addresses the following issues:
* Double free in QXmlStreamReader (CVE-2018-15518)
* QImage allocation failure in qgifhandler (CVE-2018-19870)
* QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/qtbase-opensource-src_5.7.1+dfsg-3.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/qtbase-opensource-src_5.7.1+dfsg-3+deb9u1.dsc @@ -1,3 +1,12 @@ +5.7.1+dfsg-3+deb9u1 [Fri, 25 Jan 2019 11:11:01 -0300] Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>: + + * Backport fixes for: + - CVE-2018-15518: “double free or corruption” in QXmlStreamReader + - CVE-2018-19873: QBmpHandler segfault on malformed BMP file + - CVE-2018-19870: Check for QImage allocation failure in qgifhandler + * Backport ensure_pixel_density_of_at_least_1.patch in order to fix VLC after + it's security update (Closes: #907139). + 5.7.1+dfsg-3 [Wed, 11 Jan 2017 18:14:40 +0300] Dmitry Shachnev <mitya57@debian.org>: * Backport upstream change to fix accessibility-related crashes <http://10.200.17.11/4.3-3/#3299992210014841987>
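Review bot: in the added 5.7.1+dfsg-3+deb9u1 changelog entry, the three CVE backports (CVE-2018-15518, CVE-2018-19873, CVE-2018-19870) are listed without a patch file name, while the non-CVE fix on the following line names ensure_pixel_density_of_at_least_1.patch. Naming the patch for each CVE in the same way would let a reviewer match every advisory line to the change that fixes it. In the same entry, "it's security update" should read "its security update".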
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 405d5ef966 Bug #48593: qtbase-opensource-src 5.7.1+dfsg-3+deb9u1
 doc/errata/staging/qtbase-opensource-src.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.3/417.html>