Advisories » MGASA-2023-0231

Updated qt4/qtsvg5 packages fix security vulnerability

Publication date: 19 Jul 2023
Modification date: 19 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-45930 , CVE-2023-32573

Description

Out-of-bounds write in
QtPrivate::QCommonArrayOps::growAppend
(CVE-2021-45930)
QtSvg QSvgFont m_unitsPerEm initialization is mishandled. (CVE-2023-32573)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29913
• https://ubuntu.com/security/notices/USN-5241-1
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V75XNX4GDB64N5BSOAN474RUXXS5OHRU/
• https://www.debian.org/lts/security/2022/dla-2895
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45930
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32573

SRPMS

8/core

• qtsvg5-5.15.2-1.3.mga8
• qt4-4.8.7-35.3.mga8