Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in qt5-qtsvg
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in qt5-qtsvg
ID: FEDORA-2021-a95a40b78b
Distribution: Fedora
Plattformen: Fedora 34
Datum: Do, 25. März 2021, 07:44
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=1931444
Applikationen: Qt

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2021-a95a40b78b
2021-03-25 00:15:39.359217
-------------------------------------------------------------------------------
-

Name : qt5-qtsvg
Product : Fedora 34
Version : 5.15.2
Release : 4.fc34
URL : http://www.qt.io
Summary : Qt5 - Support for rendering and displaying SVG
Description :
Scalable Vector Graphics (SVG) is an XML-based language for describing
two-dimensional vector graphics. Qt provides classes for rendering and
displaying SVG drawings in widgets and on other paint devices.

-------------------------------------------------------------------------------
-
Update Information:

An out of bounds read in function QRadialFetchSimd from crafted svg file may
lead to information disclosure or other potential consequences. This update
includes the backported upstream fix and should resolve the security issue.
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Mar 9 2021 Than Ngo <than@redhat.com> - 5.15.2-4
- Resolves: #1931447, Out of bounds read in function QRadialFetchSimd from
crafted svg file
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1931444 - qt: Out of bounds read in function QRadialFetchSimd from
crafted svg file
https://bugzilla.redhat.com/show_bug.cgi?id=1931444
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-a95a40b78b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung