Package: libqt4-xml
Severity: serious
Tags: security
Justification: security
Qt 4.8.6 has a fix for a denial of service attack due to XML entity
expansion ("billion laughs attack"). This fix doesn't seem to be in the
wheezy packages yet.
http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
Ubuntu patched their 4.8.4;
https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/1259577
Hamish
-- System Information:
Debian Release: 7.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
