Information on source package qt4-x11

Available versions

ReleaseVersion
jessie4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
jessie (security)4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2
stretch4:4.8.7+dfsg-11
buster4:4.8.7+dfsg-18
sid4:4.8.7+dfsg-18

Open issues

BugjessiestretchbustersidDescription
CVE-2018-19873fixedvulnerable (no DSA)fixedfixedAn issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...
CVE-2018-19872vulnerable (no DSA)vulnerable (no DSA)fixedfixedAn issue was discovered in Qt 5.11. A malformed PPM image causes a div ...
CVE-2018-19871fixedvulnerable (no DSA)fixedfixedAn issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontr ...
CVE-2018-19870fixedvulnerable (no DSA)fixedfixedAn issue was discovered in Qt before 5.11.3. A malformed GIF image cau ...
CVE-2018-19869fixedvulnerable (no DSA)fixedfixedAn issue was discovered in Qt before 5.11.3. A malformed SVG image cau ...
CVE-2018-15518fixedvulnerable (no DSA)fixedfixedQXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption dur ...
CVE-2016-10040vulnerable (no DSA, ignored)fixedfixedfixedStack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows rem ...

Open unimportant issues

BugjessiestretchbustersidDescription
TEMP-0568486-B6FCB6vulnerablevulnerablevulnerablevulnerablebrowser javascript document.write denial-of-service
TEMP-0560108-565B70vulnerablevulnerablevulnerablevulnerablebrowser-based css info disclosure
CVE-2009-3272vulnerablevulnerablevulnerablevulnerableStack consumption vulnerability in WebKit.dll in WebKit in Apple Safar ...
CVE-2009-3015vulnerablevulnerablevulnerablevulnerableQtWeb 3.0 Builds 001 and 003 does not properly block javascript: and d ...

Resolved issues

BugDescription
CVE-2015-1860Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase m ...
CVE-2015-1859Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp ...
CVE-2015-1858Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase m ...
CVE-2015-0295The BMP decoder in QtGui in QT before 5.5 does not properly calculate ...
CVE-2014-0190The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to c ...
CVE-2013-4549QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers t ...
CVE-2013-0254The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before ...
CVE-2012-6093The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4. ...
CVE-2012-5624The XMLHttpRequest object in Qt before 4.8.4 enables http redirection ...
CVE-2012-4929The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ...
CVE-2011-3194Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt ...
CVE-2011-3193Heap-based buffer overflow in the Lookup_MarkMarkPos function in the H ...
CVE-2010-5076QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in ...
CVE-2010-3170Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird bef ...
CVE-2010-2621The QSslSocketBackendPrivate::transmit function in src_network_ssl_qss ...
CVE-2010-2490murmur DoS via malformed client query
CVE-2009-3933WebKit before r50173, as used in Google Chrome before 3.0.195.32, allo ...
CVE-2009-3384Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...
CVE-2009-2841The HTMLMediaElement::loadResource function in html/HTMLMediaElement.c ...
CVE-2009-2816The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...
CVE-2009-2797The WebKit component in Safari in Apple iPhone OS before 3.1, and iPho ...
CVE-2009-2700src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...
CVE-2009-2200WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...
CVE-2009-2199Incomplete blacklist vulnerability in WebKit in Apple Safari before 4. ...
CVE-2009-2195Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote a ...
CVE-2009-1725WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, ...
CVE-2009-1724Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...
CVE-2009-1718WebKit in Apple Safari before 4.0 allows user-assisted remote attacker ...
CVE-2009-1715Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...
CVE-2009-1714Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...
CVE-2009-1713The XSLT functionality in WebKit in Apple Safari before 4.0 does not p ...
CVE-2009-1712WebKit in Apple Safari before 4.0 does not prevent remote loading of l ...
CVE-2009-1711WebKit in Apple Safari before 4.0 does not properly initialize memory ...
CVE-2009-1710WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...
CVE-2009-1703WebKit in Apple Safari before 4.0 does not prevent references to file: ...
CVE-2009-1702Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...
CVE-2009-1701Use-after-free vulnerability in the JavaScript DOM implementation in W ...
CVE-2009-1700The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone O ...
CVE-2009-1699The XSL stylesheet implementation in WebKit in Apple Safari before 4.0 ...
CVE-2009-1698WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...
CVE-2009-1697CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPh ...
CVE-2009-1696WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...
CVE-2009-1695Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...
CVE-2009-1694WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...
CVE-2009-1693WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...
CVE-2009-1692WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iP ...
CVE-2009-1691Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...
CVE-2009-1690Use-after-free vulnerability in WebKit, as used in Apple Safari before ...
CVE-2009-1689Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...
CVE-2009-1688Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...
CVE-2009-1687The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...
CVE-2009-1686WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...
CVE-2009-1685Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...
CVE-2009-1684Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...
CVE-2009-1681WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...
CVE-2009-0945Array index error in the insertItemBefore method in WebKit, as used in ...
CVE-2008-3632Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...
CVE-2008-2307Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as d ...
CVE-2008-1026Integer overflow in the PCRE regular expression compiler (JavaScriptCo ...
CVE-2008-1025Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in S ...
CVE-2008-0298KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ca ...
CVE-2007-5965QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verif ...
CVE-2007-4137Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...
CVE-2007-3388Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdata ...
CVE-2007-0242The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does n ...
CVE-2006-4811Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 bef ...
CVE-2006-2783Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte- ...

Security announcements

DSA / DLADescription
DLA-1786-1qt4-x11 - security update
DLA-210-1qt4-x11 - security update
DLA-117-1qt4-x11 - security update
DSA-1988-1qt4-x11 - several vulnerabilities
DSA-1292-1qt4-x11

Search for package or bug name: Reporting problems