ubuntu-sdk-bugs team mailing list archive
Message #08115
[Bug 1950193] Re: libqt5svg5 affected by CVE-2021-38593
> Anything I can do now to help this arrive in 20.04?
No, I just need to find some free time again. Thanks for reminding me.
** Also affects: qtbase-opensource-src (Ubuntu Focal)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1950193
Title:
libqt5svg5 affected by CVE-2021-38593
Status in qtbase-opensource-src package in Ubuntu:
Fix Released
Status in qtbase-opensource-src source package in Focal:
New
Bug description:
libqt5svg5 5.12.8-0ubuntu1 in Ubuntu 20.04 is affected by CVE-2021-38593:
https://nvd.nist.gov/vuln/detail/CVE-2021-38593
Trying to open the attached svg file will block one core at 100% and occupy much memory. Depending on the configuration, it might even run out of memory and crash. This is fixed upstream by:
https://codereview.qt-project.org/c/qt/qtbase/+/377942
The original issue has been public since July 29th. If I'm allowed to upload
further files, I'll send a simple test program.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libqt5svg5 5.12.8-0ubuntu1
ProcVersionSignature: Ubuntu 5.14.0-1005.5-oem 5.14.9
Uname: Linux 5.14.0-1005-oem x86_64
ApportVersion: 2.20.11-0ubuntu27.21
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: GNOME
Date: Mon Nov 8 20:24:34 2021
InstallationDate: Installed on 2012-07-06 (3411 days ago)
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
ProcEnviron:
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: qtsvg-opensource-src
UpgradeStatus: Upgraded to focal on 2020-10-03 (400 days ago)