diff options
author | Marek Vasut <marex@denx.de> | 2023-10-10 16:10:40 +0200 |
---|---|---|
committer | Martin Jansa <martin.jansa@gmail.com> | 2023-10-11 14:18:48 +0200 |
commit | 7c405994e572ccdf1e03253c5065a3d484277f68 (patch) | |
tree | 7bf34eed1fc4dc7a79bb74fc685572ba11852ed4 /recipes-qt/qt5/qtbase_git.bb | |
parent | c75c6ac99a5323746d8c92058ec7fe081efe28fe (diff) |
qtbase: Pick CVE-2023-37369 fix
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x
before 6.5.2, there can be an application crash in QXmlStreamReader
via a crafted XML string that triggers a situation in which a prefix
is greater than a length.
Advisory:
https://nvd.nist.gov/vuln/detail/CVE-2023-37369
Patch:
https://download.qt.io/official_releases/qt/5.15/CVE-2023-37369-qtbase-5.15.diff
Signed-off-by: Marek Vasut <marex@denx.de>
Diffstat (limited to 'recipes-qt/qt5/qtbase_git.bb')
-rw-r--r-- | recipes-qt/qt5/qtbase_git.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/recipes-qt/qt5/qtbase_git.bb b/recipes-qt/qt5/qtbase_git.bb index 8fcbec4e..e076e66d 100644 --- a/recipes-qt/qt5/qtbase_git.bb +++ b/recipes-qt/qt5/qtbase_git.bb @@ -43,6 +43,7 @@ SRC_URI += "\ file://CVE-2023-32763-qtbase-5.15.diff \ file://CVE-2023-33285-qtbase-5.15.diff \ file://CVE-2023-34410-qtbase-5.15.diff \ + file://CVE-2023-37369-qtbase-5.15.diff \ " # Disable LTO for now, QT5 patches are being worked upstream, perhaps revisit with |