Bugzilla – Bug 1211298
VUL-0: CVE-2023-32573: libqt5-qtsvg,qt6-svg: missing initialization of QtSvg QSvgFont m_unitsPerEm
Last modified: 2024-05-07 11:37:30 UTC
CVE-2023-32573 In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32573 https://www.cve.org/CVERecord?id=CVE-2023-32573 https://codereview.qt-project.org/c/qt/qtsvg/+/474093
Tracking as affected: - SUSE:SLE-12-SP2:Update/libqt5-qtsvg 5.6.1 - SUSE:SLE-12-SP3:Update/libqt5-qtsvg 5.6.2 - SUSE:SLE-15-SP1:Update/libqt5-qtsvg 5.9.7 - SUSE:SLE-15-SP2:Update/libqt5-qtsvg 5.12.7 - SUSE:SLE-15-SP4:Update/libqt5-qtsvg 5.15.2+kde16 - SUSE:SLE-15-SP5:Update/libqt5-qtsvg 5.15.8+kde8 - SUSE:SLE-15:Update/libqt5-qtsvg 5.9.4 - openSUSE:Factory/libqt5-qtsvg 5.15.9+kde7 - openSUSE:Factory/qt6-svg 6.5.0 Upstream patch: https://codereview.qt-project.org/c/qt/qtsvg/+/474093
(In reply to Gabriele Sonnu from comment #1) > Upstream patch: > > https://codereview.qt-project.org/c/qt/qtsvg/+/474093 Sorry, wrong link. Here's the right one: https://codereview.qt-project.org/gitweb?p=qt/qtsvg.git;a=patch;h=ff22c3ccf8ccf813fdcfda23f7740ba73ba5ce0a
This is an autogenerated message for OBS integration: This bug (1211298) was mentioned in https://build.opensuse.org/request/show/1086202 Factory / qt6-svg https://build.opensuse.org/request/show/1086207 Backports:SLE-15-SP4 / qt6-svg https://build.opensuse.org/request/show/1086215 Backports:SLE-15-SP5 / qt6-svg
openSUSE-SU-2023:0111-1: An update that fixes one vulnerability is now available.\n\nCategory: security (moderate)\nBug References: 1211298\nCVE References: CVE-2023-32573\nJIRA References: \nSources used:\nopenSUSE Backports SLE-15-SP4 (src): qt6-svg-6.2.2-bp154.2.3.1, qt6-svg-docs-6.2.2-bp154.2.3.1\n\n
SUSE-SU-2023:2969-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1196654, 1211298 CVE References: CVE-2021-45930, CVE-2023-32573 Sources used: openSUSE Leap 15.5 (src): libqt5-qtsvg-5.15.8+kde8-150500.3.3.1 Basesystem Module 15-SP5 (src): libqt5-qtsvg-5.15.8+kde8-150500.3.3.1 Desktop Applications Module 15-SP5 (src): libqt5-qtsvg-5.15.8+kde8-150500.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2981-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1196654, 1211298 CVE References: CVE-2021-45930, CVE-2023-32573 Sources used: openSUSE Leap 15.4 (src): libqt5-qtsvg-5.15.2+kde16-150400.3.3.1 Basesystem Module 15-SP4 (src): libqt5-qtsvg-5.15.2+kde16-150400.3.3.1 Desktop Applications Module 15-SP4 (src): libqt5-qtsvg-5.15.2+kde16-150400.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3209-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1196654, 1211298 CVE References: CVE-2021-45930, CVE-2023-32573 Sources used: SUSE Linux Enterprise Real Time 15 SP3 (src): libqt5-qtsvg-5.12.7-150200.3.8.1 SUSE Manager Proxy 4.2 (src): libqt5-qtsvg-5.12.7-150200.3.8.1 SUSE Manager Retail Branch Server 4.2 (src): libqt5-qtsvg-5.12.7-150200.3.8.1 SUSE Manager Server 4.2 (src): libqt5-qtsvg-5.12.7-150200.3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4622-1: An update that solves six vulnerabilities can now be installed. Category: security (important) Bug References: 1196654, 1211298, 1211798, 1211994, 1213326, 1214327 CVE References: CVE-2021-45930, CVE-2023-32573, CVE-2023-32763, CVE-2023-34410, CVE-2023-37369, CVE-2023-38197 Sources used: SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 SUSE Linux Enterprise Software Development Kit 12 SP5 (src): libqt4-devel-doc-4.8.7-8.19.1, libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): libqt4-devel-doc-4.8.7-8.19.1, libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 SUSE Linux Enterprise Server 12 SP5 (src): libqt4-devel-doc-4.8.7-8.19.1, libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): libqt4-devel-doc-4.8.7-8.19.1, libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2967-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1196654, 1211298 CVE References: CVE-2021-45930, CVE-2023-32573 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): libqt5-qtsvg-5.6.2-3.11.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): libqt5-qtsvg-5.6.2-3.11.1 SUSE Linux Enterprise Server 12 SP5 (src): libqt5-qtsvg-5.6.2-3.11.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): libqt5-qtsvg-5.6.2-3.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing