Source: qtbase-opensource-src Version: 5.12.5+dfsg-8 Severity: important Tags: security upstream Forwarded: https://bugreports.qt.io/browse/QTBUG-47417
Hi, The following vulnerability was published for qtbase-opensource-src. CVE-2015-9541[0]: | Qt through 5.14 allows an exponential XML entity expansion attack via | a crafted SVG document that is mishandled in QXmlStreamReader, a | related issue to CVE-2003-1564. Mainly for the purpose of tracking the upstream issue downstream, it is upstream reported in QTBUG-47417[1]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-9541 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9541 [1] https://bugreports.qt.io/browse/QTBUG-47417 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
