Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 367ec829fa56
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 25a0974c4ab3
Choose a head ref
  • 5 commits
  • 6 files changed
  • 1 contributor

Commits on Jan 30, 2019

  1. qt59.qtvirtualkeyboard: fix CVE-2018-19865 

    CVE-2018-19865 tracks the issue of qtvirtualkeyboard where it logs all
user input. With this commit we are applying the recommended patches
form the upstream project.

More details can be obtained from the Qt annoucement [1].

[1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
    @andir
    andir committed Jan 30, 2019
    Copy the full SHA
    6660128 View commit details
    Browse the repository at this point in the history

  2. qt56.qtvirtualkeyboard: init at 5.6.3 

    This adds the "missing" qtvirtualkeyboard module of qt56. I just add
this so I can apply (& test) the patches for a CVE in the next commit.
This might seem strange but in case anyone decided to add / use this in
the future we are on the safe(r) side.
    @andir
    andir committed Jan 30, 2019
    Copy the full SHA
    295a210 View commit details
    Browse the repository at this point in the history

  3. qt56: fix CVE-2018-{15518,19873,19870,19871,19865,19869} 

     * CVE-2018-15518, Qt Base: “double free or corruption” in QXmlStreamReader
 * CVE-2018-19873, Qt Base: QBmpHandler segfault on malformed BMP file
 * CVE-2018-19870, Qt Base: Check for QImage allocation failure in qgifhandler
 * CVE-2018-19871, Qt Imageformats: QImage: QTgaFile CPU exhaustion
 * CVE-2018-19865, Qt Virtual Keyboard: Qt Virtual Keyboard logs all key presses
 * CVE-2018-19869, Qt Svg: Fix crash when parsing malformed url reference

More details can be obtained from the Qt annoucement [1].

[1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
    @andir
    andir committed Jan 30, 2019
    Copy the full SHA
    066be85 View commit details
    Browse the repository at this point in the history

Commits on Jan 31, 2019

  1. qt511: 5.11.1 -> 5.11.3 

    This fixes

 * CVE-2018-15518, Qt Base: “double free or corruption” in QXmlStreamReader
 * CVE-2018-19873, Qt Base: QBmpHandler segfault on malformed BMP file
 * CVE-2018-19870, Qt Base: Check for QImage allocation failure in qgifhandler
 * CVE-2018-19871, Qt Imageformats: QImage: QTgaFile CPU exhaustion
 * CVE-2018-19865, Qt Virtual Keyboard: Qt Virtual Keyboard logs all key presses
 * CVE-2018-19869, Qt Svg: Fix crash when parsing malformed url reference

More details can be obtained from the Qt annoucement [1].

[1] https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
    @andir
    andir committed Jan 31, 2019
    Copy the full SHA
    2f5d37b View commit details
    Browse the repository at this point in the history

Commits on Feb 3, 2019

  1. Merge pull request #54986 from andir/qt 

    qt511: 5.11.1 -> 5.11.3, qt56 & qt59 security fixes
    @andir
    andir committed Feb 3, 2019
    Copy the full SHA
    25a0974 View commit details
    Browse the repository at this point in the history