
Bug#750141: libqt4-xml: vulnerable to billion laughs attack



On 09/06/14 15:17, Salvatore Bonaccorso wrote:
Hi,

On Sun, Jun 01, 2014 at 11:30:15PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
tag 750141 moreinfo
thanks

On Monday 02 June 2014 11:19:05 Hamish Moffatt wrote:
Package: libqt4-xml
Severity: serious
Tags: security
Justification: security

Qt 4.8.6 has a fix for a denial of service attack due to XML entity
expansion ("billion laughs attack"). This fix doesn't seem to be in the
wheezy packages yet.

http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/

Ubuntu patched their 4.8.4;

https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/1259577

Hi Hamish! I patched Qt4 for jessie at that time but IIRC (I might be mixing
CVEs here) when I asked someone from the security team over IRC (or maybe by
mail, I don't remember now) they told me it wasn't too important to get an
update in stable.

Yep, per mail. It was on 2013-12-06, where Moritz had written:

Hi Lisandro,
this doesn't warrant a DSA. It can be fixed through a point update, though
or we can line it up for a future QT DSA.

Cheers,
         Moritz

For the BTS, I think this was fixed in 4:4.8.5+git192-g085f851+dfsg-1.


Hi. OK, I guess I can understand it not being too important to update stable; while there are quite a lot of rdepends for libqt4-xml, I don't see many daemons among them. It depends on whether libqt4-xml is just being used for config or to decode wire protocols, i.e. whether those apps could be vulnerable to remote denial of service. mumble-server is one daemon I notice.


Thanks
Hamish
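
As an added illustration of the entity-expansion problem Hamish's report describes (this is not Qt's code, nor the 4.8.6 patch): a pre-parse guard, written in Python, that estimates the worst-case expansion size of the internal DTD subset before a document reaches an entity-expanding parser, and rejects recursive entities outright. It handles only internal general entities; the sample document and the function names are constructed for this example.

```python
import re

# Internal-subset general entity declarations: <!ENTITY name "value"> (or single-quoted).
# Parameter entities (<!ENTITY % ...>) and external entities are not matched; a
# conservative deployment would reject those separately.
_ENTITY_DECL = re.compile(r'<!ENTITY\s+([^\s%]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
_ENTITY_REF = re.compile(r'&([^;\s&<>]+);')

def parse_internal_subset(xml_text):
    """Return {name: replacement_text} for general entities declared in the DOCTYPE."""
    m = re.search(r'<!DOCTYPE[^\[>]*\[(.*?)\]\s*>', xml_text, re.DOTALL)
    if not m:
        return {}
    return {d.group(1): d.group(2) if d.group(2) is not None else d.group(3)
            for d in _ENTITY_DECL.finditer(m.group(1))}

def expanded_size(entities, limit):
    """Largest fully-expanded length of any declared entity; stops summing once
    `limit` is exceeded. Raises ValueError on a recursive reference."""
    cache = {}
    def size(name, stack):
        if name in cache:
            return cache[name]
        if name in stack:
            raise ValueError("recursive entity reference: " + name)
        text = entities.get(name, "")
        total = len(_ENTITY_REF.sub("", text))          # literal characters only
        for ref in _ENTITY_REF.findall(text):
            if ref in entities:
                total += size(ref, stack | {name})       # nested expansion
            else:
                total += len(ref) + 2                    # &amp;, &#x41; etc. stay as-is
            if total > limit:
                break
        cache[name] = total
        return total
    return max((size(n, frozenset()) for n in entities), default=0)

def check_entity_expansion(xml_text, limit=10_000):
    """True if worst-case entity expansion stays within `limit` and no entity recurses."""
    try:
        return expanded_size(parse_internal_subset(xml_text), limit) <= limit
    except ValueError:
        return False

# Constructed sample: three levels of five-fold nesting, 5**3 = 125 copies of "lol".
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""
```

The limit is a policy knob: pick it from the largest legitimate document a given consumer (config loader versus network protocol decoder, as discussed above) is expected to handle.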

