From 7c405994e572ccdf1e03253c5065a3d484277f68 Mon Sep 17 00:00:00 2001
From: Marek Vasut <marex@denx.de>
Date: Tue, 10 Oct 2023 16:10:40 +0200
Subject: qtbase: Pick CVE-2023-37369 fix

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x
before 6.5.2, there can be an application crash in QXmlStreamReader
via a crafted XML string that triggers a situation in which a prefix
is greater than a length.

Advisory:
https://nvd.nist.gov/vuln/detail/CVE-2023-37369

Patch:
https://download.qt.io/official_releases/qt/5.15/CVE-2023-37369-qtbase-5.15.diff

Signed-off-by: Marek Vasut <marex@denx.de>
---
 recipes-qt/qt5/qtbase_git.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'recipes-qt/qt5/qtbase_git.bb')

diff --git a/recipes-qt/qt5/qtbase_git.bb b/recipes-qt/qt5/qtbase_git.bb
index 8fcbec4e..e076e66d 100644
--- a/recipes-qt/qt5/qtbase_git.bb
+++ b/recipes-qt/qt5/qtbase_git.bb
@@ -43,6 +43,7 @@ SRC_URI += "\
     file://CVE-2023-32763-qtbase-5.15.diff \
     file://CVE-2023-33285-qtbase-5.15.diff \
     file://CVE-2023-34410-qtbase-5.15.diff \
+    file://CVE-2023-37369-qtbase-5.15.diff \
 "
 
 # Disable LTO for now, QT5 patches are being worked upstream, perhaps revisit with
-- 
cgit v1.2.3