Accepted qt4-x11 4:4.8.7+dfsg-18 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 12 Apr 2019 23:10:28 +0300
Source: qt4-x11
Architecture: source
Version: 4:4.8.7+dfsg-18
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 923003
Changes:
qt4-x11 (4:4.8.7+dfsg-18) unstable; urgency=medium
.
* Team upload.
.
[ Edward Betts ]
* debian/NEWS: Replace UNRELEASED with unstable.
.
[ Alexander Volkov ]
* Backport some vulnerability fixes from Qt 5 (closes: #923003).
- CVE-2018-15518: double free or corruption in QXmlStreamReader.
- CVE-2018-19869: Qt Svg crash when parsing malformed url reference.
- CVE-2018-19870: NULL pointer dereference in QGifHandler.
- CVE-2018-19871: QTgaFile CPU exhaustion.
- CVE-2018-19872: crash when parsing a malformed PPM image.
- CVE-2018-19873: QBmpHandler segfault on malformed BMP file.
Checksums-Sha1:
8c60ce5ccb9566790121d04454f740d1bf18a707 6050 qt4-x11_4.8.7+dfsg-18.dsc
c36d8ec6dbf1ca0277df157bea2b8fa4006c31fb 328360 qt4-x11_4.8.7+dfsg-18.debian.tar.xz
c281f877990f6fee9621140d562544ff6e3f6ccf 13480 qt4-x11_4.8.7+dfsg-18_source.buildinfo
Checksums-Sha256:
094e2ec62f777e3377327c98d7d82274bff983b4a0bd1220143ba5ffd1bb3f39 6050 qt4-x11_4.8.7+dfsg-18.dsc
63eb69acb9b3cc57a2292e71e3affbf5d7378387e8f8ecd85bfee4e581c4fee9 328360 qt4-x11_4.8.7+dfsg-18.debian.tar.xz
2986770440eea9eb36e42a56fabb914ad335eba1ab9de38c0635d70adb29f27e 13480 qt4-x11_4.8.7+dfsg-18_source.buildinfo
Files:
8f3ee3c876d971e8b1cdec5f19375c73 6050 oldlibs optional qt4-x11_4.8.7+dfsg-18.dsc
9ade800670d889ae4c91bfd54dc4c244 328360 oldlibs optional qt4-x11_4.8.7+dfsg-18.debian.tar.xz
80658a5f2f372848c0cccb7bfea4cfdb 13480 oldlibs optional qt4-x11_4.8.7+dfsg-18_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEE8kKZ/xu8kBi5BqTLYCaTbS8ciuAFAlyw8uQTHG1pdHlhNTdA
ZGViaWFuLm9yZwAKCRBgJpNtLxyK4JH5D/4i/kDi6DgW3x13uloD7sx6Wsz5AIGT
Ud5q3g3d3swaUOrfNgQWG693WM650CGIxDkw7ziUr7F4+yF0hP28xkAJbtAMsDcf
TtGJj3hoDZYBBLpM+EUfL2N92cjFWsWGpodW5D5K/0Lvj2tBOV1df6U9FyJ2+RGB
SZAOqnQJ5N0QNaXq6e5ux44z4phxEANMJtu5aRMazjiOs8CJt20OBv0PSVwAKn9O
xwVIb68fyvsrOTj9zTi8VHi/nOI5RisEFH84Kevl4oLQEYnmelFBKfE7fSrhwtvl
v5z7kF+8iTdt8fyBhRlHEfCopd8yTB9DdmZNfPthhu3SMythzz++7a3bbpW3OeXa
oZ7THc3aJjMstDMaht7Fks72WU44JTTMpo4OSxUMsHYpDirv24bQbf2cQVFBPhHS
9RLL0tQrrU1XkPi1y9Ky7MO7NtNIOpp/IOoLUhmQwnV9S/H+NZPtWxDiLI7ebp7E
1fepFLA87BNkBQsr4/jj9RpNSvzg6aNl3kfr9+9SqZzcPk9iEMQNyaMOax7OOVru
WqsJ8rB+NNRAm6QXQ+OGiBJ0TZRcjzDpBlgqU+FMZiFk8voDhk6aP9v3WGLzbmKN
niP+xbV4vdADsWHKuHKQ4dkcuQhO4Xf2Ru2A3YuQBw+m96uXsnBaACyNG+gDxXpU
tb7AiI3AzCyQ+g==
=/zyv
-----END PGP SIGNATURE-----