[ubuntu/eoan-security] qtbase-opensource-src 5.12.4+dfsg-4ubuntu1.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Feb 10 13:20:52 UTC 2020


qtbase-opensource-src (5.12.4+dfsg-4ubuntu1.1) eoan-security; urgency=medium

  * SECURITY UPDATE: DoS via text file containing many directional chars
    - debian/patches/CVE-2019-18281.patch: add bounds check to
      src/gui/text/qtextengine.cpp.
    - CVE-2019-18281
  * SECURITY UPDATE: QPluginLoader loads plugins from the CWD
    - debian/patches/CVE-2020-0569.patch: do not load plugin from the $PWD
      in src/corelib/plugin/qpluginloader.cpp.
    - CVE-2020-0569
  * SECURITY UPDATE: QLibrary loads libraries from relative path from CWD
    - debian/patches/CVE-2020-0570.patch: do not attempt to load a library
      relative to $PWD in src/corelib/plugin/qlibrary_unix.cpp.
    - CVE-2020-0570

Date: 2020-02-09 16:58:15.458163+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.12.4+dfsg-4ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Eoan-changes mailing list