user/qt5-qtbase: multiple vulnerabilities
| Bugzilla ID | 274 |
| Alias(es) | CVE-2015-9541, CVE-2020-13962, CVE-2020-17507 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-27 13:36:48 -0500 |
| Modified | 2020-09-16 22:01:45 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/qt5-qtbase |
| URL | https://code.foxkit.us/adelie/packages/commit/dafa0ff589 |
Description
Qt through 5.14 allows an exponential XML entity expansion attack via
a crafted SVG document that is mishandled in QXmlStreamReader, a
related issue to CVE-2003-1564.
Fixed in >= 5.12.8 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094