[Secure-testing-team] Bug#750141: libqt4-xml: vulnerable to billion laughs attack
Hamish Moffatt
hamish at debian.org
Mon Jun 2 01:19:05 UTC 2014
Package: libqt4-xml
Severity: serious
Tags: security
Justification: security
Qt 4.8.6 has a fix for a denial of service attack due to XML entity
expansion ("billion laughs attack"). This fix doesn't seem to be in the
wheezy packages yet.
http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
Ubuntu patched their 4.8.4;
https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/1259577
Hamish
-- System Information:
Debian Release: 7.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Secure-testing-team
mailing list