- qt4-x11 (4:4.8.7+dfsg-18+rpi1+deb10u1) buster-staging; urgency=medium
++qt4-x11 (4:4.8.7+dfsg-18+rpi1+deb10u2) buster-staging; urgency=medium
+
+ [changes brought forward from 4:4.8.6+git64-g5dc8b2b+dfsg-2+rpi1 by Peter Micheal Green <plugwash@raspbian.org> at Thu, 31 Jul 2014 22:56:54 +0000]
+ * Disable neon
+
+ [changes brought forward from 4:4.8.7+dfsg-17+rpi2 by Peter Michael Green <plugwash@raspbian.org> at Sun, 14 Apr 2019 10:25:37 +0000]
+ * Replace a number of occourances of "asm" with "__asm"
+
- -- Raspbian forward porter <root@raspbian.org> Sun, 27 Sep 2020 21:48:16 +0000
++ -- Raspbian forward porter <root@raspbian.org> Thu, 14 Sep 2023 22:46:02 +0000
++
+ qt4-x11 (4:4.8.7+dfsg-18+deb10u2) buster-security; urgency=medium
+
+ [ Scarlett Moore ]
+ * Non-maintainer upload by LTS team.
+ * Patch from Fedora to fix root certificates issue.
+ If the global configuration doesn't allow root certificates to be loaded
+ on demand then we have to disable it for qsslsocketprivate as well.
+ (Fixes: CVE-2023-34410)
+ * Patch from Fedora to fix: Uninitialized variable usage in m_unitsPerEm.
+ (Fixes: CVE-2023-32573)
+ * Add patch to do stricter error checking when parsing
+ path nodes. (Fixes: CVE-2021-45930)
+ * Add patch to clamp parsed doubles to float representable
+ values. (Fixes: CVE-2021-3481)
+
+ [ Roberto C. Sánchez ]
+ * Add patch to prevent buffer overflow when a SVG file with an image inside
+ it is rendered.
+ (Fixes: CVE-2023-32763)
+ * Add patch to prevent an application crash in QXmlStreamReader via a
+ crafted XML string that triggers a situation in which a prefix is greater
+ than a length.
+ (Fixes: CVE-2023-37369)
+ * Add patch to prevent infinite loops in recursive entity expansion.
+ (Fixes: CVE-2023-38197)
+
+ -- Roberto C. Sánchez <roberto@debian.org> Tue, 22 Aug 2023 09:42:24 -0400
qt4-x11 (4:4.8.7+dfsg-18+deb10u1) buster; urgency=medium
projects / qt4-x11.git / commitdiff