[SECURITY] [DLA 2422-1] qtsvg-opensource-src security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update
From: Adrian Bunk <bunk@debian.org>
Date: Sat, 31 Oct 2020 22:15:07 +0200
Message-id: <[🔎] 20201031201507.GA26547@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2422-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
October 31, 2020                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : qtsvg-opensource-src
Version        : 5.7.1~20161021-2.1
CVE ID         : CVE-2018-19869
Debian Bug     : 

Malformed SVG images were able to cause a segmentation fault
in qtsvg-opensource-src, the QtSvg module for displaying the
contents of SVG files in Qt.

For Debian 9 stretch, this problem has been fixed in version
5.7.1~20161021-2.1.

We recommend that you upgrade your qtsvg-opensource-src packages.

For the detailed security status of qtsvg-opensource-src please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qtsvg-opensource-src

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl+dxcsACgkQiNJCh6LY
mLG5chAAhttxchFhyPpQZaAnamgdSsXwNgfpMWQG0nz/YBuOiOceo24PpJImrMLq
j6r507IcfqZeX28AtwuiMSMoW1hUvW53BCK5C7GArJXe2iHtDKeb36S8uf4+kskR
12rj3yHnkAFmc+4JadaYyosxwxj1ciCHtikAcNrCbC4jbKS2txotou7Rjht/NCL5
WmmGamsZ6RQbZrqzL0rGpk9jNsuSigA2QEpi2hOpHbNtbJjlyv1vcc2dKIXDPJjq
06wB2XQKKBmQT1zoEERHHBt/2hRnAEiYtxvFkk6B+Vwfpmhnn4MYWroEkltYNE6K
YeHMTlpUOXFCsHCyrPqa5u8YlKjDPLs+UBuwdzcFCri1D46Bhh7Hq3GVlqDIrYRQ
ICfliKULhFqUbNDPZYG5GSa7OO6swr/ZU7FYJM2MfNUimebtvGMv/dKi0BdGm+zF
MZMoWsn0cu6xsSFZ1q7UrYaIkfM+2Wvzpy/rAPG3KxowLRMEMq5N5MU5VLKvQnnv
I6aX+6FSh3B1tyEZqenYI6JSCCpg1/qY2aoTTOPwKgVoR4c0CWMzRDxsrMD4oXJE
KnYqipercdlKJfGWVsQq0shWaejwarhcXCEtl8IOaHI/dTsDOXKv38hYtR7RUSqM
mPXaysECmB9UWjjbSAuMx0aIiR5l70Iccaf1wq1ixvEJrMJb5ic=
=HLXE
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2420-2] linux regression update
Next by Date: [SECURITY] [DLA 2423-1] wireshark security update
Previous by thread: [SECURITY] [DLA 2420-2] linux regression update
Next by thread: [SECURITY] [DLA 2423-1] wireshark security update
Index(es):
- Date
- Thread