tag 750141 moreinfo
thanks
On Monday 02 June 2014 11:19:05 Hamish Moffatt wrote:
> Package: libqt4-xml
> Severity: serious
> Tags: security
> Justification: security
>
> Qt 4.8.6 has a fix for a denial of service attack due to XML entity
> expansion ("billion laughs attack"). This fix doesn't seem to be in the
> wheezy packages yet.
>
> http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
>
> Ubuntu patched their 4.8.4;
>
> https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/1259577
Hi Hamish! I patched Qt4 for jessie at that time but IIRC (I might be mixing
CVEs here) when I asked someone from the security team over IRC (or maybe by
mail, I don't remember now) they told me it wasn't too important to get an
update in stable.
Now if you can give me an example that shows it deserves an RC bug I can
prepare a fix.
Thanks, Lisandro.
--
16: Who owns the Internet
* GOD, since all things in the world belong to Him
Damian Nadales
http://mx.grulic.org.ar/lurker/message/20080307.141449.a70fb2fc.es.html
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/