Overview

File _patchinfo of Package patchinfo.29896

<patchinfo incident="29896">
  <issue tracker="cve" id="2023-32763"/>
  <issue tracker="cve" id="2023-24607"/>
  <issue tracker="cve" id="2023-32762"/>
  <issue tracker="cve" id="2023-33285"/>
  <issue tracker="cve" id="2023-34410"/>
  <issue tracker="cve" id="2023-38197"/>
  <issue tracker="bnc" id="1211994">VUL-0: CVE-2023-34410: libqt5-qtbase,qt6-base: certificate validation does not always consider whether the root of a chain is a configured CA certificate</issue>
  <issue tracker="bnc" id="1211798">VUL-0: CVE-2023-32763: qt3,libqt5-qtbase,qt6-base,libqt4: When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered</issue>
  <issue tracker="bnc" id="1209616">VUL-0: CVE-2023-24607: libqt5-qtbase: qt6-base: Qt SQL ODBC driver plugin DOS</issue>
  <issue tracker="bnc" id="1213326">VUL-0: CVE-2023-38197: qt6-base,qt3,libqt4,libqt5-qtbase: infinite loops in QXmlStreamReader</issue>
  <issue tracker="bnc" id="1211642">VUL-0: CVE-2023-33285: libqt5-qtbase,qt6-base: Buffer overflow in QDnsLookup</issue>
  <issue tracker="bnc" id="1211797">VUL-0: CVE-2023-32762: qt6-base,qt3,libqt4,libqt5-qtbase: Qt Network incorrectly parses the strict-transport-security (HSTS) header</issue>
  <issue tracker="bnc" id="1211024">SLES15 SP5 RC2 - [Regression] yast partitioner hangs - worked with RC1</issue>
  <packager>alarrosa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libqt5-qtbase</summary>
  <description>This update for libqt5-qtbase fixes the following issues:


- CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616).
- CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security (HSTS) header (bsc#1211797).
- CVE-2023-32763: Fixed buffer overflow when rendering an SVG file with an image inside it (bsc#1211798).
- CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642).
- CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994).
- CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places