[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-19873 affects qt4-x11

Thu, 13 Dec 2018 03:14:48 -0800 

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e4a4e6ef by Emilio Pozuelo Monfort at 2018-12-13T11:06:32Z
CVE-2018-19873 affects qt4-x11

- - - - -
888aa4d5 by Emilio Pozuelo Monfort at 2018-12-13T11:13:45Z
CVE-2018-19870 affects qt4-x11

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2261,9 +2261,9 @@ CVE-2018-19873 [QBmpHandler segfault on malformed BMP 
file]
        RESERVED
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
        - qtbase-opensource-src <unfixed>
+       - qt4-x11 <unfixed>
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
        NOTE: https://codereview.qt-project.org/#/c/238749/
-       TODO: check for completeness, possibly as well qt4-x11
 CVE-2018-19872
        RESERVED
 CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
@@ -2279,9 +2279,11 @@ CVE-2018-19870 [Check for QImage allocation failure in 
qgifhandler]
        RESERVED
        [experimental] - qtbase-opensource-src 5.11.3+dfsg-1
        - qtbase-opensource-src <unfixed>
+       - qt4-x11 <unfixed>
        NOTE: 
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
        NOTE: https://codereview.qt-project.org/#/c/235998/
-       TODO: check for completeness
+       NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
+       NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the 
version
 CVE-2018-19869 [Fix crash when parsing malformed url reference]
        RESERVED
        - qtsvg-opensource-src <unfixed> (low)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/6503d967995f5ad30b8f4e547d2ddaf25bc0b31b...888aa4d58a89d36e2671f37e7a7b75efb8b8dbd0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/6503d967995f5ad30b8f4e547d2ddaf25bc0b31b...888aa4d58a89d36e2671f37e7a7b75efb8b8dbd0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to