UbuntuUpdates.org

Package "qtbase-opensource-src"

Name: qtbase-opensource-src

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Qt 5 GTK2 platform theme
  • Qt 5 MySQL database driver
  • Qt 5 ODBC database driver
  • Qt 5 PostgreSQL database driver

Latest version: 5.5.1+dfsg-16ubuntu7.7
Release: xenial (16.04)
Level: security
Repository: universe

Other versions of "qtbase-opensource-src" in Xenial

Repository Area Version
base main 5.5.1+dfsg-16ubuntu7
base universe 5.5.1+dfsg-16ubuntu7
security main 5.5.1+dfsg-16ubuntu7.7
updates universe 5.5.1+dfsg-16ubuntu7.7
updates main 5.5.1+dfsg-16ubuntu7.7
PPA: Kubuntu-ppa Backports 5.6.1+dfsg-3ubuntu1~xenialoverlay1~4+fix1

Changelog

Version: 5.5.1+dfsg-16ubuntu7.7 2020-02-10 14:06:28 UTC

  qtbase-opensource-src (5.5.1+dfsg-16ubuntu7.7) xenial-security; urgency=medium

  * SECURITY UPDATE: division-by-zero via malformed PPM image
    - debian/patches/CVE-2018-19872.patch: add extra check to
      src/gui/image/qppmhandler.cpp.
    - CVE-2018-19872
  * SECURITY UPDATE: QPluginLoader loads plugins from the CWD
    - debian/patches/CVE-2020-0569.patch: do not load plugin from the $PWD
      in src/corelib/plugin/qpluginloader.cpp.
    - CVE-2020-0569

 -- Marc Deslauriers <email address hidden> Fri, 07 Feb 2020 10:43:53 -0500

CVE-2018-19872 An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

Version: 5.5.1+dfsg-16ubuntu7.6 2019-06-03 16:09:42 UTC

  qtbase-opensource-src (5.5.1+dfsg-16ubuntu7.6) xenial-security; urgency=medium

  * SECURITY UPDATE: double-free or corruption via illegal XML document
    - debian/patches/CVE-2018-15518.patch: fix possible heap corruption in
      QXmlStream in src/corelib/xml/qxmlstream_p.h.
    - CVE-2018-15518
  * SECURITY UPDATE: NULL pointer dereference in QGifHandler
    - debian/patches/CVE-2018-19870.patch: check for QImage allocation
      failure in src/gui/image/qgifhandler.cpp.
    - CVE-2018-19870
  * SECURITY UPDATE: buffer overflow in QBmpHandler
    - debian/patches/CVE-2018-19873.patch: check for out of range image
      size in src/gui/image/qbmphandler.cpp.
    - CVE-2018-19873
  * debian/rules: create a HOME directory so that tests can run.
  * debian/patches/fix_failing_cookie_tests.patch: fix failing tests
    because of expired cookies.

 -- Marc Deslauriers <email address hidden> Mon, 11 Feb 2019 07:32:35 -0500

CVE-2018-15518 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVE-2018-19870 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVE-2018-19873 An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.


