File _patchinfo of Package patchinfo.40303

<patchinfo incident="40303">
  <issue tracker="bnc" id="1196654">VUL-0: CVE-2021-45930: libqt5-qtsvg: out-of-bounds write may lead to DoS</issue>
  <issue tracker="bnc" id="1211298">VUL-0: CVE-2023-32573: libqt5-qtsvg,qt6-svg: missing initialization of QtSvg QSvgFont m_unitsPerEm</issue>
  <issue tracker="bnc" id="1211798">VUL-0: CVE-2023-32763: qt3,libqt5-qtbase,qt6-base,libqt4: When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered</issue>
  <issue tracker="bnc" id="1211994">VUL-0: CVE-2023-34410: libqt5-qtbase,qt6-base: certificate validation does not always consider whether the root of a chain is a configured CA certificate</issue>
  <issue tracker="bnc" id="1213326">VUL-0: CVE-2023-38197: qt6-base,qt3,libqt4,libqt5-qtbase: infinite loops in QXmlStreamReader</issue>
  <issue tracker="bnc" id="1214327">VUL-0: CVE-2023-37369: qt3,libqt5-qtbase,qt6-base,libqt4: buffer overflow in QXmlStreamReader</issue>
  <issue tracker="bnc" id="1245609">VUL-0: CVE-2025-5455: libqt4: qtbase: crash when qDecodeDataUrl() is called with malformed data and assertions are enabled</issue>
  <issue tracker="bnc" id="357727">lyx crashing at startup</issue>
  <issue tracker="bnc" id="552218">KDE4 print dialog forgets settings</issue>
  <issue tracker="bnc" id="656144">Root user Qt4 applications not using Oxygen-style by default</issue>
  <issue tracker="bnc" id="717127">After upgrading to KDE 4.7.1 my whole desktop is black</issue>
  <issue tracker="bnc" id="875470">VUL-0: CVE-2014-0190: libqt4: NULL pointer dereference flaw in QGIFFormat::fillRect</issue>
  <issue tracker="cve" id="2021-45930"/>
  <issue tracker="cve" id="2023-32573"/>
  <issue tracker="cve" id="2023-32763"/>
  <issue tracker="cve" id="2023-34410"/>
  <issue tracker="cve" id="2023-37369"/>
  <issue tracker="cve" id="2023-38197"/>
  <issue tracker="cve" id="2025-5455"/>
  <packager>dirkmueller</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libqt4</summary>
  <description>This update for libqt4 fixes the following issues:

- CVE-2021-45930: Fixed out-of-bounds write leading to DoS (bsc#1196654)
- CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (bsc#1211298)
- CVE-2023-32763: Fixed QTextLayout buffer overflow when rendering an SVG file with an image inside (bsc#1211798)
- CVE-2023-34410: Fixed certificate validation not always considering whether the root of a chain is a configured CA certificate (bsc#1211994)
- CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327)
- CVE-2023-38197: Fixed infinite loops in QXmlStreamReader (bsc#1213326)
- CVE-2025-5455: Fixed denial of service when qDecodeDataUrl() is called with malformed data and assertions are enabled (bsc#1245609)
</description>
</patchinfo>