Overview

File _patchinfo of Package patchinfo.40462

<patchinfo incident="40462">
  <issue tracker="bnc" id="1243958">VUL-0: CVE-2025-5455: libqt5-qtbase,qt6-base: qtbase: crash when qDecodeDataUrl() is called with malformed data and assertions are enabled</issue>
  <issue tracker="bnc" id="1239896">VUL-0: CVE-2025-30348: libqt5-qtbase,qt6-base: qtbase: low performance when processing XML data due to encodeText in QDom using a complex algorithm</issue>
  <issue tracker="cve" id="2025-30348"/>
  <issue tracker="cve" id="2025-5455"/>
  <packager>alarrosa</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libqt5-qtbase</summary>
  <description>This update for libqt5-qtbase fixes the following issues:

Security issues fixed:

- CVE-2025-5455: processing of malformed data in `qDecodeDataUrl()` can trigger assertion and cause a crash
  (bsc#1243958).
- CVE-2025-30348: complex algorithm used in `encodeText` in QDom when processing XML data can cause low performance
  (bsc#1239896).

Other issues fixed:
   
- Initialize a member variable in `QObjectPrivate::Signal` that was uninitialized under some circumstances.
- Fix a crash when parsing a particular glyph in a particular font.
- Avoid repeatedly registering xsettings callbacks when switching cursor themes.
- Check validity of RandR output info before using it.
- Fix reparenting a window so it takes effect even if there are no other state changes to the window.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places