For Qt5, dev-qt/qtxml was done in [1] with 5.15.16-r1, pending stable + cleanup. For Qt6, current stable dev-qt/qtbase-6.8.2 is not affected (<6.8.0 was, versions have long been removed).

CVE-2025-30348: When QDom classes are used to write XML with long text segments, QDomNode::save() could hit a quadratic-complexity code path, potentially leading to a DoS if an attacker can control the rate and contents of XML serializations performed by the application, e.g. if the application packages attacker-supplied text in XML, including reading XML, changing it, and writing it back.

[1] https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0a1cb6be7b1

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ed92bb9b38f5206498514fd576566ca753140f5

commit 7ed92bb9b38f5206498514fd576566ca753140f5
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2025-04-21 20:51:30 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2025-04-21 20:51:37 +0000

    dev-qt/qtxml: drop vulnerable 5.15.16-r0

    Bug: https://bugs.gentoo.org/953398
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtxml/qtxml-5.15.16.ebuild | 29 -----------------------------
 1 file changed, 29 deletions(-)