Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is available, members of the security team will review it and
publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Tags added: community-security

** Information type changed from Private Security to Public Security

** Changed in: qtsvg-opensource-src (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtsvg-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1950193

Title:
  libqt5svg5 affected by CVE-2021-38593

Status in qtsvg-opensource-src package in Ubuntu:
  Confirmed

Bug description:
  libqt5svg5 5.12.8-0ubuntu1 in Ubuntu 20.04 is affected by CVE-2021-38593:
  https://nvd.nist.gov/vuln/detail/CVE-2021-38593

  Trying to open the attached svg file will block one core at 100% and occupy
  much memory. Depending on the configuration, it might even run out of memory
  and crash. This is fixed upstream by:
  https://codereview.qt-project.org/c/qt/qtbase/+/377942

  The original issue is public since July 29th. If I'm allowed to upload
  further files, I'll send a simple test program.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: libqt5svg5 5.12.8-0ubuntu1
  ProcVersionSignature: Ubuntu 5.14.0-1005.5-oem 5.14.9
  Uname: Linux 5.14.0-1005-oem x86_64
  ApportVersion: 2.20.11-0ubuntu27.21
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: GNOME
  Date: Mon Nov  8 20:24:34 2021
  InstallationDate: Installed on 2012-07-06 (3411 days ago)
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SourcePackage: qtsvg-opensource-src
  UpgradeStatus: Upgraded to focal on 2020-10-03 (400 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtsvg-opensource-src/+bug/1950193/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
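The triage comment above asks for a debdiff built against the published focal package; the following is an added example of that community-security workflow as shell functions. It is not code from the bug report, the reporter or the Ubuntu security team. It assumes the ubuntu-dev-tools, devscripts, quilt and dpkg-dev packages are installed, that DEBEMAIL and DEBFULLNAME are set, and that the source package, release, patch file and CVE identifier are passed as arguments (nothing in it is specific to the real fix; note that the upstream change linked in the report is in the qtbase repository, so the source package to patch is whichever Ubuntu source package carries that code). The version helper follows the stable-release numbering convention described on the linked SecurityTeam/UpdateProcedures page.

```shell
#!/bin/sh
# Added example (not the project's or the security team's own tooling):
# produce a debdiff for a community-security update of a universe package.
set -eu

# Next stable-release version for a security upload, per Ubuntu convention:
#   1.2-3ubuntu4    -> 1.2-3ubuntu4.1
#   1.2-3ubuntu4.1  -> 1.2-3ubuntu4.2
#   1.2-3           -> 1.2-3ubuntu0.1   (package never modified by Ubuntu)
next_security_version() {
    ver="$1"
    case "$ver" in
        *ubuntu*.*)
            # Already a stable-release revision: bump the trailing number.
            base="${ver%.*}"
            last="${ver##*.}"
            printf '%s.%s\n' "$base" "$((last + 1))"
            ;;
        *ubuntu*)
            printf '%s.1\n' "$ver"
            ;;
        *)
            printf '%subuntu0.1\n' "$ver"
            ;;
    esac
}

# prepare_debdiff <srcpkg> <release> <patchfile> <CVE-id>
# Fetches the currently published source, imports the patch into
# debian/patches, adds a security changelog entry, rebuilds the source
# package and writes <workdir>/<srcpkg>_<newversion>.debdiff.
prepare_debdiff() {
    srcpkg="$1"; release="$2"; patch="$3"; cve="$4"
    patch="$(readlink -f "$patch")"
    workdir="$(mktemp -d)"
    cd "$workdir"

    # Source package as published for the target release (ubuntu-dev-tools).
    pull-lp-source "$srcpkg" "$release"
    old_dsc="$(ls "$workdir"/*.dsc)"
    srcdir="$(find "$workdir" -mindepth 1 -maxdepth 1 -type d | head -n 1)"
    cd "$srcdir"

    # Register the fix as a quilt patch (3.0 (quilt) source format) so it is
    # tracked in debian/patches and applied at build time; push to verify
    # that it applies cleanly to the distro version.
    QUILT_PATCHES=debian/patches quilt import -P "${cve}.patch" "$patch"
    QUILT_PATCHES=debian/patches quilt push -a

    # Changelog entry targeted at <release>-security with the SECURITY UPDATE
    # template the security team expects in the review.
    cur="$(dpkg-parsechangelog -S Version)"
    new="$(next_security_version "$cur")"
    dch -v "$new" -D "${release}-security" "SECURITY UPDATE: ${cve}"

    # Source-only build (no signing, no build-dep check) and the debdiff that
    # gets attached to the bug.
    debuild -S -d -uc -us
    cd "$workdir"
    new_dsc="$(ls -t "$workdir"/*.dsc | head -n 1)"
    debdiff "$old_dsc" "$new_dsc" > "$workdir/${srcpkg}_${new}.debdiff" || true
    printf '%s\n' "$workdir/${srcpkg}_${new}.debdiff"
}

# Only run the network-bound workflow when explicitly asked, e.g.
#   sh debdiff.sh --run <srcpkg> focal fix.patch CVE-2021-38593
if [ "${1:-}" = "--run" ]; then
    prepare_debdiff "$2" "$3" "$4" "$5"
fi
```

The `|| true` after `debdiff` is deliberate: debdiff exits non-zero whenever the two source packages differ, which is the expected outcome here. Check the resulting file with `debdiff` review in mind (only debian/changelog and the new debian/patches entry should change) before attaching it to the bug.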