[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2376-1] qtbase-opensource-src security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2376-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 21, 2020                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : qtbase-opensource-src
Version        : 5.7.1+dfsg-3+deb9u3
CVE ID         : CVE-2018-19872 CVE-2020-17507
Debian Bug     : 968444

Several vulnerabilities were fixed in the Qt toolkit.

CVE-2018-19872

    A malformed PPM image causes a crash.

CVE-2020-17507

    Buffer over-read in the XBM parser.

For Debian 9 stretch, these problems have been fixed in version
5.7.1+dfsg-3+deb9u3.

We recommend that you upgrade your qtbase-opensource-src packages.

For the detailed security status of qtbase-opensource-src please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qtbase-opensource-src

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl9xifwACgkQiNJCh6LY
mLHjqQ//Yw57PcZCXFppNUunjWufa4aiYUDGAwKY2TFknhkobY4APaKO3X3KV5E7
M3rsS82MSzLmf0qNYHuS+7o/6XFGK20zhx/pc8Y4Hy/yIQfEAm+8ac/m6+zFFq0m
V9C+HIt51DWSutMvmnZ3EObOTm4NUjJAcSXKUNx0Zod7nhSEmBAlUy22IqwqCUoj
+d4HRnA1DcV8Rk5WJpuM7Pv4X+Llc1PjeG8pw3w8yQijIBwY8NHEDjOnh7h0La1P
PsiyMIoMsSr9EM2Pu6bPqTdhDOtLH0eE+L7g+stg3EgflFC56qi/Q/9Ji/vxVwIR
WIplL32Rl5AF9Axp+LkL4We5QpTapW+JU+qbnNYdblr7NPPM5a6bQXr86sokHypk
Us8btDZq/ZkwCZM5a90QZUPy3fc2bdOFNnZMU+Hpq2dEnbFm0WEbIMOhnenLS+9H
ubtyRLkUkXfOvezjqx4V2CfHKHWc/FXUdF3amLE/PzLdmA9YI6zUVNHdVh+MqU6T
GhKRERupSRywYP2ayxqM/sNlcnI8IODc8JG7PdRBrBqhTWHlm+Ik5BvE1oQCWLXE
BPofZSR09VmoV7V6ptjFJmGPYWj5eBz/qLQtCIiihy/HIppruTz5nt2a8eOvS6k4
JR/EW+szcpEHG4CQdoaWo9Y5JHRXfpvly4b950NwA5rhJw+q2W0=
=9YVf
-----END PGP SIGNATURE-----


Reply to: