From: Raspbian automatic forward porter Date: Thu, 14 Sep 2023 22:46:02 +0000 (+0100) Subject: Merge version 4:4.8.7+dfsg-18+rpi1+deb10u1 and 4:4.8.7+dfsg-18+deb10u2 to produce... X-Git-Tag: archive/raspbian/4%4.8.7+dfsg-18+rpi1+deb10u2^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5bafb6106bf781a803638bf9ddb61f63270eda4f;p=qt4-x11.git Merge version 4:4.8.7+dfsg-18+rpi1+deb10u1 and 4:4.8.7+dfsg-18+deb10u2 to produce 4:4.8.7+dfsg-18+rpi1+deb10u2 --- 5bafb6106bf781a803638bf9ddb61f63270eda4f diff --cc debian/changelog index 892083029,97ba38c96..fb0342c45 --- a/debian/changelog +++ b/debian/changelog @@@ -1,12 -1,30 +1,40 @@@ - qt4-x11 (4:4.8.7+dfsg-18+rpi1+deb10u1) buster-staging; urgency=medium ++qt4-x11 (4:4.8.7+dfsg-18+rpi1+deb10u2) buster-staging; urgency=medium + + [changes brought forward from 4:4.8.6+git64-g5dc8b2b+dfsg-2+rpi1 by Peter Micheal Green at Thu, 31 Jul 2014 22:56:54 +0000] + * Disable neon + + [changes brought forward from 4:4.8.7+dfsg-17+rpi2 by Peter Michael Green at Sun, 14 Apr 2019 10:25:37 +0000] + * Replace a number of occourances of "asm" with "__asm" + - -- Raspbian forward porter Sun, 27 Sep 2020 21:48:16 +0000 ++ -- Raspbian forward porter Thu, 14 Sep 2023 22:46:02 +0000 ++ + qt4-x11 (4:4.8.7+dfsg-18+deb10u2) buster-security; urgency=medium + + [ Scarlett Moore ] + * Non-maintainer upload by LTS team. + * Patch from Fedora to fix root certificates issue. + If the global configuration doesn't allow root certificates to be loaded + on demand then we have to disable it for qsslsocketprivate as well. + (Fixes: CVE-2023-34410) + * Patch from Fedora to fix: Uninitialized variable usage in m_unitsPerEm. + (Fixes: CVE-2023-32573) + * Add patch to do stricter error checking when parsing + path nodes. (Fixes: CVE-2021-45930) + * Add patch to clamp parsed doubles to float representable + values. (Fixes: CVE-2021-3481) + + [ Roberto C. Sánchez ] + * Add patch to prevent buffer overflow when a SVG file with an image inside + it is rendered. + (Fixes: CVE-2023-32763) + * Add patch to prevent an application crash in QXmlStreamReader via a + crafted XML string that triggers a situation in which a prefix is greater + than a length. + (Fixes: CVE-2023-37369) + * Add patch to prevent infinite loops in recursive entity expansion. + (Fixes: CVE-2023-38197) + + -- Roberto C. Sánchez Tue, 22 Aug 2023 09:42:24 -0400 qt4-x11 (4:4.8.7+dfsg-18+deb10u1) buster; urgency=medium