Synopsis:          Moderate: qt security update
Advisory ID:       SLSA-2020:1172-1
Issue Date:        2020-04-07
CVE Numbers:       CVE-2018-19872
                   CVE-2018-15518
                   CVE-2018-19869
                   CVE-2018-19870
                   CVE-2018-19871
                   CVE-2018-19873
--

* qt5-qtbase: Double free in QXmlStreamReader
    
* qt: Malformed PPM image causing division by zero and crash in
    qppmhandler.cpp
    
* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a
    denial of service
    
* qt5-qtbase: QImage allocation failure in qgifhandler
    
* qt5-qtimageformats: QTgaFile CPU exhaustion
    
* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
--

SL7
  x86_64
    qt-4.8.7-8.el7.x86_64.rpm
    qt-x11-4.8.7-8.el7.i686.rpm
    qt-4.8.7-8.el7.i686.rpm
    qt-devel-4.8.7-8.el7.x86_64.rpm
    qt-mysql-4.8.7-8.el7.i686.rpm
    qt-odbc-4.8.7-8.el7.x86_64.rpm
    qt-odbc-4.8.7-8.el7.i686.rpm
    qt-postgresql-4.8.7-8.el7.x86_64.rpm
    qt-mysql-4.8.7-8.el7.x86_64.rpm
    qt-devel-4.8.7-8.el7.i686.rpm
    qt-x11-4.8.7-8.el7.x86_64.rpm
    qt-postgresql-4.8.7-8.el7.i686.rpm
    qt-debuginfo-4.8.7-8.el7.i686.rpm
    qt-debuginfo-4.8.7-8.el7.x86_64.rpm
    qt-assistant-4.8.7-8.el7.x86_64.rpm
    qt-config-4.8.7-8.el7.x86_64.rpm
    qt-demos-4.8.7-8.el7.x86_64.rpm
    qt-examples-4.8.7-8.el7.x86_64.rpm
    qt-qdbusviewer-4.8.7-8.el7.x86_64.rpm
    qt-qvfb-4.8.7-8.el7.x86_64.rpm
  noarch
    qt-devel-private-4.8.7-8.el7.noarch.rpm
    qt-doc-4.8.7-8.el7.noarch.rpm

- Scientific Linux Development Team