Opened 3 months ago

Closed 3 months ago

Last modified 7 weeks ago

#15197 closed enhancement (fixed)

qt5 (svg) - fix CVE-2021-3481

Reported by: ken@…
Owned by: ken@…
Priority: elevated
Milestone: 11.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

I noticed a fix (in Mageia) this week for an out-of-bounds read in qtsvg, although distros (Fedora, Debian, Arch) fixed it in March-April.

Details of the CVE are not yet public, perhaps because non-commercial Qt is still affected, but there is a summary at https://access.redhat.com/security/cve/CVE-2021-3481. This medium-severity vulnerability was found by Google's fuzzing, raised as https://bugreports.qt.io/browse/QTBUG-91507 with further details at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668

I've got the patch from Debian.

Change History (4)

comment:1 by ken@…, 3 months ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

comment:3 by ken@…, 3 months ago

Resolution: fixed
Status: assigned → closed

Security Advisory SA 10.064 created.

comment:4 by Bruce Dubbs, 7 weeks ago

Milestone: 10.2 → 11.0

Milestone renamed
