File _patchinfo of Package patchinfo.31633
<patchinfo incident="31633">
<issue tracker="cve" id="2021-45930"/>
<issue tracker="cve" id="2023-38197"/>
<issue tracker="cve" id="2023-37369"/>
<issue tracker="cve" id="2023-34410"/>
<issue tracker="cve" id="2023-32573"/>
<issue tracker="cve" id="2023-32763"/>
<issue tracker="bnc" id="1211298">VUL-0: CVE-2023-32573: libqt5-qtsvg,qt6-svg: missing initialization of QtSvg QSvgFont m_unitsPerEm</issue>
<issue tracker="bnc" id="1211798">VUL-0: CVE-2023-32763: qt3,libqt5-qtbase,qt6-base,libqt4: When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered</issue>
<issue tracker="bnc" id="1213326">VUL-0: CVE-2023-38197: qt6-base,qt3,libqt4,libqt5-qtbase: infinite loops in QXmlStreamReader</issue>
<issue tracker="bnc" id="1214327">VUL-0: CVE-2023-37369: qt3,libqt5-qtbase,qt6-base,libqt4: buffer overflow in QXmlStreamReader</issue>
<issue tracker="bnc" id="1196654">VUL-0: CVE-2021-45930: libqt5-qtsvg: out-of-bounds write may lead to DoS</issue>
<issue tracker="bnc" id="1211994">VUL-0: CVE-2023-34410: libqt5-qtbase,qt6-base: certificate validation does not always consider whether the root of a chain is a configured CA certificate</issue>
<packager>dirkmueller</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for libqt4</summary>
<description>This update for libqt4 fixes the following issues:
- CVE-2021-45930: Fix out-of-bounds write when parsing path nodes (bsc#1196654).
- CVE-2023-32573: Fix missing initialization of QSvgFont unitsPerEm (bsc#1211298).
- CVE-2023-32763: Fix potential buffer overflow when rendering an SVG file with an image inside (bsc#1211798).
- CVE-2023-34410: Fix missing sync of disablement of loading root certificates in qsslsocketprivate (bsc#1211994).
- CVE-2023-37369: Fix buffer overflow in QXmlStreamReader (bsc#1214327).
- CVE-2023-38197: Fix infinite loops in QXmlStreamReader (bsc#1213326).
</description>
</patchinfo>