Updated qt4/qtsvg5 packages fix security vulnerability
Publication date: 19 Jul 2023Modification date: 19 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-45930 , CVE-2023-32573
Description
Out-of-bounds write in
QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend
(CVE-2021-45930)
QtSvg QSvgFont m_unitsPerEm initialization is mishandled. (CVE-2023-32573)
References
- https://bugs.mageia.org/show_bug.cgi?id=29913
- https://ubuntu.com/security/notices/USN-5241-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V75XNX4GDB64N5BSOAN474RUXXS5OHRU/
- https://www.debian.org/lts/security/2022/dla-2895
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45930
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32573
SRPMS
8/core
- qtsvg5-5.15.2-1.3.mga8
- qt4-4.8.7-35.3.mga8