user/qt5-qtbase: multiple vulnerabilities
Bugzilla ID | 274 |
Alias(es) | CVE-2015-9541, CVE-2020-13962, CVE-2020-17507 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-04-27 13:36:48 -0500 |
Modified | 2020-09-16 22:01:45 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | user/qt5-qtbase |
URL | https://code.foxkit.us/adelie/packages/commit/dafa0ff589 |
Description
Qt through 5.14 allows an exponential XML entity expansion attack via
a crafted SVG document that is mishandled in QXmlStreamReader, a
related issue to CVE-2003-1564.
Fixed in >= 5.12.8 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094
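
A defensive pre-check for the exponential entity expansion described above, as an added example that is not code from Qt or from the Adélie package: it sizes the declared entities arithmetically, without expanding them, and rejects documents that exceed a budget. The names `EntityBudget` and `exceedsExpansionBudget`, the budget values and the sample document are assumptions made for illustration; only internal general entities declared with quoted literals are handled.

```cpp
#include <algorithm>
#include <cstdint>
#include <map>
#include <regex>
#include <set>
#include <string>

// Sizes internal general entities without ever materialising their expansion.
struct EntityBudget {
    std::uint64_t limit;                        // max expanded bytes per entity (assumed policy)
    std::map<std::string, std::string> decls;   // name -> replacement text
    std::map<std::string, std::uint64_t> memo;  // name -> saturated expanded size
    std::set<std::string> active;               // entities on the current path
    // Collect <!ENTITY name "value"> declarations; the first one wins, as in XML.
    void parse(const std::string &xml) {
        static const std::regex decl(
            R"re(<!ENTITY\s+([-\w.:]+)\s+(?:"([^"]*)"|'([^']*)')\s*>)re");
        for (std::sregex_iterator it(xml.begin(), xml.end(), decl), end; it != end; ++it)
            decls.emplace((*it)[1].str(), (*it)[2].matched ? (*it)[2].str() : (*it)[3].str());
    }
    // Expanded length of one entity, saturating at limit + 1.
    std::uint64_t size(const std::string &name) {
        auto d = decls.find(name);
        if (d == decls.end()) return 0;          // undeclared or predefined: not counted
        auto hit = memo.find(name);
        if (hit != memo.end()) return hit->second;
        if (!active.insert(name).second) return limit + 1;  // recursive reference
        static const std::regex ref(R"(&([-\w.:]+);)");
        std::uint64_t total = d->second.size();
        for (std::sregex_iterator it(d->second.begin(), d->second.end(), ref), end;
             it != end && total <= limit; ++it)
            total = total - it->length(0) + size((*it)[1].str());
        active.erase(name);
        return memo[name] = std::min(total, limit + 1);
    }
};

// True when any declared entity would expand beyond `limit` bytes.
bool exceedsExpansionBudget(const std::string &xml, std::uint64_t limit) {
    EntityBudget b{limit, {}, {}, {}};
    b.parse(xml);
    for (const auto &d : b.decls)
        if (b.size(d.first) > limit) return true;
    return false;
}

// Constructed sample: three nested levels, 160 bytes once expanded.
const std::string kSample = R"(<!DOCTYPE svg [
<!ENTITY a "0123456789"> <!ENTITY b "&a;&a;&a;&a;"> <!ENTITY c "&b;&b;&b;&b;">
]><svg><text>&c;</text></svg>)";
int main() { return exceedsExpansionBudget(kSample, 100) ? 0 : 1; }
```

Because sizes are memoised and saturate at `limit + 1`, the check runs in time proportional to the size of the declarations, however deep the nesting goes.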