ALT-PU-2023-4345-2
Package qt5-webengine updated to version 5.15.14-alt1 for branch sisyphus in task 324640.
Closed vulnerabilities
Published: 2023-05-10
Modified: 2025-01-28
Modified: 2025-01-28
CVE-2023-32573
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://codereview.qt-project.org/c/qt/qtsvg/+/474093
- https://codereview.qt-project.org/c/qt/qtsvg/+/474093
- [debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update
- [debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update
- FEDORA-2023-0d4b3316f6
- FEDORA-2023-0d4b3316f6
Published: 2023-05-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-32762
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
- https://codereview.qt-project.org/c/qt/qtbase/+/476140
- https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
- [debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update
- https://lists.qt-project.org/pipermail/announce/2023-May/000414.html
- https://codereview.qt-project.org/c/qt/qtbase/+/476140
- https://lists.qt-project.org/pipermail/announce/2023-May/000414.html
- [debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update
- https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305