UbuntuUpdates.org

Package "qtbase-opensource-src"

Name: qtbase-opensource-src

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Qt 5 concurrent module
  • Qt 5 core module
  • Qt 5 D-Bus module
  • Qt 5 GUI module

Latest version: 5.9.5+dfsg-0ubuntu2.6
Release: bionic (18.04)
Level: security
Repository: main


Other versions of "qtbase-opensource-src" in Bionic

Repository  Area      Version
base        universe  5.9.5+dfsg-0ubuntu1
base        main      5.9.5+dfsg-0ubuntu1
security    universe  5.9.5+dfsg-0ubuntu2.6
updates     universe  5.9.5+dfsg-0ubuntu2.6
updates     main      5.9.5+dfsg-0ubuntu2.6


Changelog

Version: 5.9.5+dfsg-0ubuntu2.6 2021-09-16 18:06:17 UTC

  qtbase-opensource-src (5.9.5+dfsg-0ubuntu2.6) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overread in read_xbm_body
    - debian/patches/CVE-2020-17507.patch: fix buffer overflow in XBM
      parser in src/gui/image/qxbmhandler.cpp,
      tests/auto/gui/image/qimagereader/tst_qimagereader.cpp.
    - CVE-2020-17507
  * SECURITY UPDATE: out-of-bounds write in QOutlineMapper::convertPath
    - debian/patches/CVE-2021-38593-1.patch: avoid processing-intensive
      painting of high number of tiny dashes in
      src/gui/painting/qpaintengineex.cpp,
      tests/auto/other/lancelot/scripts/tinydashes.qps.
    - debian/patches/CVE-2021-38593-2.patch: improve fix for avoiding huge
      number of tiny dashes in src/gui/painting/qpaintengineex.cpp.
    - CVE-2021-38593

 -- Marc Deslauriers <email address hidden> Thu, 19 Aug 2021 09:17:52 -0400

CVE-2020-17507 An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-r
CVE-2021-38593 Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Version: 5.9.5+dfsg-0ubuntu2.5 2020-02-10 14:06:30 UTC

  qtbase-opensource-src (5.9.5+dfsg-0ubuntu2.5) bionic-security; urgency=medium

  * SECURITY UPDATE: division-by-zero via malformed PPM image
    - debian/patches/CVE-2018-19872.patch: add extra check to
      src/gui/image/qppmhandler.cpp.
    - CVE-2018-19872
  * SECURITY UPDATE: QPluginLoader loads plugins from the CWD
    - debian/patches/CVE-2020-0569.patch: do not load plugin from the $PWD
      in src/corelib/plugin/qpluginloader.cpp.
    - CVE-2020-0569

 -- Marc Deslauriers <email address hidden> Fri, 07 Feb 2020 10:41:20 -0500

CVE-2018-19872 An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

Version: 5.9.5+dfsg-0ubuntu2.1 2019-06-03 16:09:46 UTC

  qtbase-opensource-src (5.9.5+dfsg-0ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: double-free or corruption via illegal XML document
    - debian/patches/CVE-2018-15518.patch: fix possible heap corruption in
      QXmlStream in src/corelib/xml/qxmlstream_p.h.
    - CVE-2018-15518
  * SECURITY UPDATE: NULL pointer dereference in QGifHandler
    - debian/patches/CVE-2018-19870.patch: check for QImage allocation
      failure in src/plugins/imageformats/gif/qgifhandler.cpp.
    - CVE-2018-19870
  * SECURITY UPDATE: buffer overflow in QBmpHandler
    - debian/patches/CVE-2018-19873.patch: check for out of range image
      size in src/gui/image/qbmphandler.cpp.
    - CVE-2018-19873

 -- Marc Deslauriers <email address hidden> Mon, 25 Mar 2019 11:03:42 -0400

CVE-2018-15518 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVE-2018-19870 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault
CVE-2018-19873 An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.


