Joined: 12 May 2004
|Posted: Thu Mar 13, 2014 6:26 pm Post subject: [ GLSA 201403-04 ] QtCore: Denial of Service
|Gentoo Linux Security Advisory
Title: QtCore: Denial of Service (GLSA 201403-04)
Date: March 13, 2014
A vulnerability in QXmlSimpleReader class can be used to cause a
Denial of Service condition.
The Qt toolkit is a comprehensive C++ application development framework.
Vulnerable: < 4.8.5-r1
Unaffected: >= 4.8.5-r1
Architectures: All supported architectures
A vulnerability in QXmlSimpleReader’s XML entity parsing has been
A remote attacker could entice a user to open a specially crafted XML
file using an application linked against QtCore, possibly resulting in
Denial of Service.
There is no known workaround at this time.
All QtCore users should upgrade to the latest version:
Packages which depend on this library may need to be recompiled. Tools
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.5-r1"
such as revdep-rebuild may assist in identifying these packages.