diff options
| author | Marek Vasut <marex@denx.de> | 2023-10-10 16:13:57 +0200 |
|---|---|---|
| committer | Martin Jansa <martin.jansa@gmail.com> | 2023-10-11 14:18:48 +0200 |
| commit | 2a64bf65f12c01b1b3d79bf63bea30ff2bacf421 (patch) | |
| tree | 2b9235c8f6f3b0625574a6af4db8cb0c1ef43fda /recipes-qt/qt5/qtbase_git.bb | |
| parent | a77ea02371242d391dcccad4d97af3a685dc8a9d (diff) | |
qtbase: Pick CVE-2023-43114 fix
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10,
and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the
GDI font engine, if a corrupted font is loaded via
QFontDatabase::addApplicationFont{FromData], then it can cause
the application to crash because of missing length checks.
Advisory:
https://nvd.nist.gov/vuln/detail/CVE-2023-43114
Patch:
https://download.qt.io/official_releases/qt/5.15/CVE-2023-43114-5.15.patch
Signed-off-by: Marek Vasut <marex@denx.de>
Diffstat (limited to 'recipes-qt/qt5/qtbase_git.bb')
| -rw-r--r-- | recipes-qt/qt5/qtbase_git.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/recipes-qt/qt5/qtbase_git.bb b/recipes-qt/qt5/qtbase_git.bb index a2785617..7356c40c 100644 --- a/recipes-qt/qt5/qtbase_git.bb +++ b/recipes-qt/qt5/qtbase_git.bb @@ -45,6 +45,7 @@ SRC_URI += "\ file://CVE-2023-34410-qtbase-5.15.diff \ file://CVE-2023-37369-qtbase-5.15.diff \ file://CVE-2023-38197-qtbase-5.15.diff \ + file://CVE-2023-43114-5.15.patch \ " # Disable LTO for now, QT5 patches are being worked upstream, perhaps revisit with |