[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1627-1] qtbase-opensource-src security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : qtbase-opensource-src
Version        : 5.3.2+dfsg-4+deb8u3
CVE ID         : CVE-2018-15518 CVE-2018-19870 CVE-2018-19873

Multiple issues were fixed in Qt.

CVE-2018-15518
A double-free or corruption during parsing of a specially crafted 
illegal XML document.

CVE-2018-19870
A malformed GIF image might have caused a NULL pointer dereference in 
QGifHandler resulting in a segmentation fault.

CVE-2018-19873
QBmpHandler had a buffer overflow via BMP data.

For Debian 8 "Jessie", these problems have been fixed in version
5.3.2+dfsg-4+deb8u3.

We recommend that you upgrade your qtbase-opensource-src packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAlwtyNUACgkQiNJCh6LY
mLEErBAAvj8B8Na9qtToNmdouvXVERxBFhoAfFMtc9t++cq8ZwaYacHFSjQTww8n
hJKRmkvxz+QpZGz4yJlv9rL0aZD/zqQ6Rg0wqJKkHdXtzR1t/0QBN8kdTs6Vi8a7
6FcfVzcNlbRmOxfXgkY6K1Sdof8ZzyzeoOC46jJNUxRw2fogaOXpuiP2ZjcmyjbW
QqAvWB/aem3i0SpJtfh2j164mcVR6JVQA7NOnLhY6LiMT5Nxrfdqya/cpCebKVW1
SPQaqln+XZu1Qx2Z3okBjSs73N13jQNiaYzrW27Ma1oDBqrqg5gF/rVFP2v1Zerx
f3rhKiQJtscWE+nxS96wOftebWLiEAKisE2G46HKQjowEpOzNk8+Mh6unYwkYpdl
aVgD+V11Wamg174CAzQH6Xa0rdt9Pg7uRKL93biJrfQnlDWzudrDn+iF/c4Yery7
C7V8vIL9o5pshJieaNa4fOo4Y5fmmWqxIoAC0RqVLdVIvQ1sT1lz/lXp2h1HsF28
rHk0roZY13JaUGYa9kSPxoJ94Rn4U12D/zym8GNhlIonrho94wzM38j3IYSTEVxX
OGYS9J3pore0j6Vqs2x+0oMP+i5lmusT9MBh1AM1efUAkLICxMpEbgGhfYatp7tv
F4NJASOebu5en5tNhrqwlhybdFlydUTc3Ppw6i6s+q8PK6rtKic=
=I76F
-----END PGP SIGNATURE-----


Reply to: