Package "libqt4-xmlpatterns"
Name: |
libqt4-xmlpatterns
|
Description: |
Qt 4 XML patterns module
|
Latest version: |
4:4.8.1-0ubuntu4.9 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
main |
Head package: |
qt4-x11 |
Homepage: |
http://qt.nokia.com/ |
Links
Download "libqt4-xmlpatterns"
Other versions of "libqt4-xmlpatterns" in Precise
Changelog
qt4-x11 (4:4.8.1-0ubuntu4.9) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted GIF image
- debian/patches/CVE-2014-0190.patch: check for broken image in
src/gui/image/qgifhandler.cpp.
- CVE-2014-0190
* SECURITY UPDATE: denial of service via crafted BMP
- debian/patches/CVE-2015-0295.patch: fix division by zero in
src/gui/image/qbmphandler.cpp.
- CVE-2015-0295
* SECURITY UPDATE: denial of service and possible code execution via
crafted BMP or ICO images
- debian/patches/CVE-2015-1858-1859.patch: move check to better
location in src/gui/image/qbmphandler.cpp, check depth in
src/plugins/imageformats/ico/qicohandler.cpp.
- CVE-2015-1858
- CVE-2015-1859
* SECURITY UPDATE: denial of service and possible code exection via
crafted GIF image
- debian/patches/CVE-2015-1860.patch: check bounds in
src/gui/image/qgifhandler.cpp.
- CVE-2015-1860
-- Marc Deslauriers <email address hidden> Wed, 27 May 2015 08:41:41 -0400
|
Source diff to previous version |
CVE-2014-0190 |
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and heigh |
CVE-2015-0295 |
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers t |
CVE-2015-1858 |
Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possib |
CVE-2015-1859 |
Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possib |
CVE-2015-1860 |
Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possib |
|
qt4-x11 (4:4.8.1-0ubuntu4.5) precise-security; urgency=low
* SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
- Add CVE-2013-4549.diff
- add limit in src/xml/sax/qxml.cpp
- http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
- CVE-2013-4549
-- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 22:49:13 +0000
|
Source diff to previous version |
|
qt4-x11 (4:4.8.1-0ubuntu4.4) precise-security; urgency=low
* SECURITY UPDATE: information disclosure via MITM redirect
- debian/patches/CVE-2012-5624.patch: don't redirect to file URLs in
src/declarative/qml/qdeclarativexmlhttprequest.cpp.
- CVE-2012-5624
* SECURITY UPDATE: incorrect errors with certificate verification
- debian/patches/CVE-2012-6093.patch: use openssl access functions to
properly handle layout changes in
src/network/ssl/qsslsocket_openssl.cpp,
src/network/ssl/qsslsocket_openssl_symbols.cpp,
src/network/ssl/qsslsocket_openssl_symbols_p.h.
- CVE-2012-6093
* SECURITY UPDATE: shared memory segments incorrect permissions
- debian/patches/CVE-2013-0254.patch: set appropriate permissions in
src/corelib/kernel/qsharedmemory_unix.cpp,
src/corelib/kernel/qsystemsemaphore_unix.cpp,
src/gui/image/qnativeimage.cpp,
src/gui/image/qpixmap_x11.cpp,
src/plugins/platforms/xcb/qxcbwindowsurface.cpp,
src/plugins/platforms/xlib/qxlibwindowsurface.cpp,
tools/qvfb/qvfbshmem.cpp.
- CVE-2013-0254
-- Marc Deslauriers <email address hidden> Wed, 06 Feb 2013 08:21:20 -0500
|
Source diff to previous version |
CVE-2012-5624 |
qt QML XmlHttpRequest insecure redirection |
CVE-2012-6093 |
QSslSocket may report incorrect errors when certificate verification fails |
CVE-2013-0254 |
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable |
|
qt4-x11 (4:4.8.1-0ubuntu4.3) precise-security; urgency=low
* SECURITY UPDATE: fix for SSL compression "CRIME" attack
- debian/patches/CVE-2012-4929.patch: Disable SSL compression by default
- CVE-2012-4929
- LP: #1057578
-- Seth Arnold <email address hidden> Mon, 22 Oct 2012 10:54:05 -0700
|
1057578 |
Vulnerable against \ |
CVE-2012-4929 |
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfusca |
|
About
-
Send Feedback to @ubuntu_updates