Univention Bugzilla – Bug 54373
qt4-x11: Multiple issues (4.4)
Last modified: 2022-01-26 16:57:47 CET
New Debian qt4-x11 4:4.8.7+dfsg-11+deb9u3 fixes: This update addresses the following issues: * Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481) * out-of-bounds write may lead to DoS (CVE-2021-45930)
--- mirror/ftp/4.4/unmaintained/4.4-7/source/qt4-x11_4.8.7+dfsg-11+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/qt4-x11_4.8.7+dfsg-11+deb9u3.dsc @@ -1,3 +1,15 @@ +4:4.8.7+dfsg-11+deb9u3 [Mon, 24 Jan 2022 16:25:59 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * Add patch to do stricter error checking when parsing + path nodes. (Fixes: CVE-2021-45930) (Closes: #1002991) + +4:4.8.7+dfsg-11+deb9u2 [Mon, 24 Jan 2022 05:59:04 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * Add patch to clamp parsed doubles to float representable + values. (Fixes: CVE-2021-3481) (Closes: #986798) + 4:4.8.7+dfsg-11+deb9u1 [Sun, 20 Sep 2020 22:01:50 +0300] Adrian Bunk <bunk@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/4.4-8/#3446211225075985138>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] a1f0ff6176 Bug #54373: qt4-x11 4:4.8.7+dfsg-11+deb9u3 doc/errata/staging/qt4-x11.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [4.4-8] d9b8104267 Bug #54373: qt4-x11 4:4.8.7+dfsg-11+deb9u3 doc/errata/staging/qt4-x11.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1164>