Summary: | <dev-qt/qtsvg-5.15.2-r12: Out of bounds write | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | qt |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://invent.kde.org/qt/backports-tracker/-/issues/1258 https://invent.kde.org/qt/qt/qtsvg/-/merge_requests/8 | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 829923 | ||
Bug Blocks: |
Description
Sam James
2022-01-01 04:45:08 UTC
We need https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc which I don't see within Qt5PatchCollection (please verify though).

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f31718294562703e041b14042f569a67ac70cfb6

commit f31718294562703e041b14042f569a67ac70cfb6
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-01-04 11:31:30 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-01-04 11:58:15 +0000

    dev-qt/qtsvg: 5.15.2-r12 version bump at KDE 0cb681ea

    Fix CVE-2021-45930: Out of bounds write

    "Do stricter error checking when parsing path nodes"
    QTBUG: https://bugreports.qt.io/browse/QTBUG-96044 (login required)
    Upstream commit 5b9285c34731e67f9f1d61ec804740991f2a0380

    "SVG Image reading: Reject oversize svgs as corrupt"
    QTBUG: https://bugreports.qt.io/browse/QTBUG-95891
    Upstream commit 0cb681eacca0f757702fa409bb05d3d3650aba4e

    Bug: https://bugs.gentoo.org/830381
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtsvg/Manifest | 1 +
 dev-qt/qtsvg/qtsvg-5.15.2-r12.ebuild | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7fee31b4c1d5530bf76c21e5fe853aa43f13b5a1

commit 7fee31b4c1d5530bf76c21e5fe853aa43f13b5a1
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-01-20 12:19:39 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-01-20 13:24:21 +0000

    dev-qt/qtsvg: Cleanup vulnerable 5.15.2-r11

    Bug: https://bugs.gentoo.org/830381
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtsvg/Manifest | 1 -
 dev-qt/qtsvg/qtsvg-5.15.2-r11.ebuild | 25 -------------------------
 2 files changed, 26 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2456b87477e6ccf454b884c2405316b8102a652b

commit 2456b87477e6ccf454b884c2405316b8102a652b
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-08 09:13:29 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-08 09:13:49 +0000

    [ GLSA 202405-26 ] qtsvg: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/830381
    Bug: https://bugs.gentoo.org/906465
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-26.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)