Bugzilla – Bug 1039291
VUL-0: CVE-2016-10040: libqt4,libqt5-qtbase: stack buffer overflow in QXmlSimpleReader
Last modified: 2020-04-28 13:14:26 UTC
Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote
attackers to cause a denial of service (application crash) via a xml file with
multiple nested open tags.
all of that is fixed in 4.8.7.
please submit for both packages. Thank you
ping. Please submit
The code that was patched for this bugreport doesn't exist in Qt 4.6. The code that was patched is a fix for CVE-2013-4549, which we have not fixed in SLE11.
the rest is fixed in 4.8.7, which would be a good thing to update to anyway. want me to submit 4.8.7 to SLE12?
154348 State:declined By:darix When:2018-02-09T12:36:29
maintenance_incident: home:dirkmueller:branches:SUSE:SLE-12:Update/libqt4@c3726ad7a2d7adfbbc4b3006cffdc590 -> SUSE:Maintenance (release in SUSE:SLE-12:Update)
I'm trying to submit it once more, hopefully it gets accepted now:
164467 State:review By:dirkmueller When:2018-05-05T06:45:32
maintenance_incident: home:dirkmueller:branches:SUSE:SLE-12:Update/libqt4@404d502e435fcc6314f58571cb191a23 -> SUSE:Maintenance (release in SUSE:SLE-12:Update)
it also requires request 164468 (libQtWebKit4)
SUSE-SU-2018:1902-1: An update that solves one vulnerability and has four fixes is now available.
Category: security (moderate)
Bug References: 1039291,1042657,956357,964458,982826
CVE References: CVE-2016-10040
SUSE Linux Enterprise Workstation Extension 12-SP3 (src): libqt4-4.8.7-8.6.1, libqt4-sql-plugins-4.8.7-8.6.1, qt4-qtscript-0.2.0-11.2.4
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): libQtWebKit4-4.8.7+2.3.4-4.5.1, libqca2-2.0.3-17.2.1, libqt4-4.8.7-8.6.1, libqt4-devel-doc-4.8.7-8.6.4, libqt4-sql-plugins-4.8.7-8.6.1
SUSE Linux Enterprise Server 12-SP3 (src): libQtWebKit4-4.8.7+2.3.4-4.5.1, libqca2-2.0.3-17.2.1, libqt4-4.8.7-8.6.1, libqt4-devel-doc-4.8.7-8.6.4, libqt4-sql-plugins-4.8.7-8.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src): libQtWebKit4-4.8.7+2.3.4-4.5.1, libqca2-2.0.3-17.2.1, libqt4-4.8.7-8.6.1, libqt4-sql-plugins-4.8.7-8.6.1, qt4-qtscript-0.2.0-11.2.4