
Bug 915998 (CVE-2023-45872)

Summary: =dev-qt/qtsvg-6.6.0-r0 loading invalid QML image source can cause application crash (CVE-2023-45872)
Product: Gentoo Security
Reporter: Ionen Wolkens <ionen>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: normal
CC: qt
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://lists.qt-project.org/pipermail/development/2023-October/044574.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=915582
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---

Description Ionen Wolkens gentoo-dev 2023-10-19 11:56:31 UTC
This has been patched before the CVE was assigned a week ago as part of bug #915582 in dev-qt/qtsvg-6.6.0-r1.

Unpatched 6.6.0-r0 only existed in the tree for two days.

6.5.2 and 6.5.3 should not be affected, the changes that caused this missed the release window and were scheduled for 6.5.4.