[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-19873 affects qt4-x11

Emilio Pozuelo Monfort pochu at debian.org
Thu Dec 13 11:14:21 GMT 2018


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e4a4e6ef by Emilio Pozuelo Monfort at 2018-12-13T11:06:32Z
CVE-2018-19873 affects qt4-x11

- - - - -
888aa4d5 by Emilio Pozuelo Monfort at 2018-12-13T11:13:45Z
CVE-2018-19870 affects qt4-x11

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2261,9 +2261,9 @@ CVE-2018-19873 [QBmpHandler segfault on malformed BMP file]
 	RESERVED
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src <unfixed>
+	- qt4-x11 <unfixed>
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 	NOTE: https://codereview.qt-project.org/#/c/238749/
-	TODO: check for completeness, possibly as well qt4-x11
 CVE-2018-19872
 	RESERVED
 CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
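Review bot: The added "- qt4-x11 <unfixed>" line under CVE-2018-19873 has no NOTE recording where the affected BMP handler code sits in qt4-x11, unlike the CVE-2018-19870 entry further down, which gets the qgifhandler.cpp paths. Consider adding a NOTE with the qt4-x11 source path that was checked, so whoever triages the entry next can verify it against the upstream change. The removed TODO also asked for a general "check for completeness" in addition to qt4-x11; if only qt4-x11 was looked at, keep a narrower TODO for the remaining check.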
@@ -2279,9 +2279,11 @@ CVE-2018-19870 [Check for QImage allocation failure in qgifhandler]
 	RESERVED
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src <unfixed>
+	- qt4-x11 <unfixed>
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 	NOTE: https://codereview.qt-project.org/#/c/235998/
-	TODO: check for completeness
+	NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
+	NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version
 CVE-2018-19869 [Fix crash when parsing malformed url reference]
 	RESERVED
 	- qtsvg-opensource-src <unfixed> (low)
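Review bot: The two added NOTE lines under CVE-2018-19870 list both locations of qgifhandler.cpp "depending on the version" without saying which path belongs to which source package or version. Suggest naming the package or version next to each path (the entry lists qt4-x11 and qtbase-opensource-src), so a backporter knows which file the change from the codereview link applies to.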



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6503d967995f5ad30b8f4e547d2ddaf25bc0b31b...888aa4d58a89d36e2671f37e7a7b75efb8b8dbd0
