{"affected":[{"ecosystem_specific":{"binaries":[{"libqt4":"4.8.7-lp152.10.3.1","libqt4-32bit":"4.8.7-lp152.10.3.1","libqt4-devel":"4.8.7-lp152.10.3.1","libqt4-devel-32bit":"4.8.7-lp152.10.3.1","libqt4-devel-doc":"4.8.7-lp152.10.3.1","libqt4-devel-doc-data":"4.8.7-lp152.10.3.1","libqt4-linguist":"4.8.7-lp152.10.3.1","libqt4-private-headers-devel":"4.8.7-lp152.10.3.1","libqt4-qt3support":"4.8.7-lp152.10.3.1","libqt4-qt3support-32bit":"4.8.7-lp152.10.3.1","libqt4-sql":"4.8.7-lp152.10.3.1","libqt4-sql-32bit":"4.8.7-lp152.10.3.1","libqt4-sql-postgresql":"4.8.7-lp152.10.3.1","libqt4-sql-sqlite":"4.8.7-lp152.10.3.1","libqt4-sql-sqlite-32bit":"4.8.7-lp152.10.3.1","libqt4-sql-unixODBC":"4.8.7-lp152.10.3.1","libqt4-x11":"4.8.7-lp152.10.3.1","libqt4-x11-32bit":"4.8.7-lp152.10.3.1","qt4-x11-tools":"4.8.7-lp152.10.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"libqt4","purl":"pkg:rpm/opensuse/libqt4&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8.7-lp152.10.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libqt4":"4.8.7-lp152.10.3.1","libqt4-32bit":"4.8.7-lp152.10.3.1","libqt4-devel":"4.8.7-lp152.10.3.1","libqt4-devel-32bit":"4.8.7-lp152.10.3.1","libqt4-devel-doc":"4.8.7-lp152.10.3.1","libqt4-devel-doc-data":"4.8.7-lp152.10.3.1","libqt4-linguist":"4.8.7-lp152.10.3.1","libqt4-private-headers-devel":"4.8.7-lp152.10.3.1","libqt4-qt3support":"4.8.7-lp152.10.3.1","libqt4-qt3support-32bit":"4.8.7-lp152.10.3.1","libqt4-sql":"4.8.7-lp152.10.3.1","libqt4-sql-32bit":"4.8.7-lp152.10.3.1","libqt4-sql-postgresql":"4.8.7-lp152.10.3.1","libqt4-sql-sqlite":"4.8.7-lp152.10.3.1","libqt4-sql-sqlite-32bit":"4.8.7-lp152.10.3.1","libqt4-sql-unixODBC":"4.8.7-lp152.10.3.1","libqt4-x11":"4.8.7-lp152.10.3.1","libqt4-x11-32bit":"4.8.7-lp152.10.3.1","qt4-x11-tools":"4.8.7-lp152.10.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"libqt4-devel-doc","purl":"pkg:rpm/opensuse/libqt4-devel-doc&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8.7-lp152.10.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libqt4":"4.8.7-lp152.10.3.1","libqt4-32bit":"4.8.7-lp152.10.3.1","libqt4-devel":"4.8.7-lp152.10.3.1","libqt4-devel-32bit":"4.8.7-lp152.10.3.1","libqt4-devel-doc":"4.8.7-lp152.10.3.1","libqt4-devel-doc-data":"4.8.7-lp152.10.3.1","libqt4-linguist":"4.8.7-lp152.10.3.1","libqt4-private-headers-devel":"4.8.7-lp152.10.3.1","libqt4-qt3support":"4.8.7-lp152.10.3.1","libqt4-qt3support-32bit":"4.8.7-lp152.10.3.1","libqt4-sql":"4.8.7-lp152.10.3.1","libqt4-sql-32bit":"4.8.7-lp152.10.3.1","libqt4-sql-postgresql":"4.8.7-lp152.10.3.1","libqt4-sql-sqlite":"4.8.7-lp152.10.3.1","libqt4-sql-sqlite-32bit":"4.8.7-lp152.10.3.1","libqt4-sql-unixODBC":"4.8.7-lp152.10.3.1","libqt4-x11":"4.8.7-lp152.10.3.1","libqt4-x11-32bit":"4.8.7-lp152.10.3.1","qt4-x11-tools":"4.8.7-lp152.10.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"libqt4-sql-plugins","purl":"pkg:rpm/opensuse/libqt4-sql-plugins&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8.7-lp152.10.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libqt4 fixes the following issues:\n\n* Fix buffer over-read in read_xbm_body (boo#1176315, CVE-2020-17507)\n* Fix 'double free or corruption' in QXmlStreamReader (boo#1118595, CVE-2018-15518)\n* Fix QBmpHandler segfault on malformed BMP file boo#1118596, CVE-2018-19873)\n* Fix crash when parsing malformed url reference (boo#1118599, CVE-2018-19869)\n\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.","id":"openSUSE-SU-2020:1501-1","modified":"2020-09-22T10:22:45Z","published":"2020-09-22T10:22:45Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3UNEB57TTFWJ3LAAGGQ4W5TXUQOAXYRV/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118595"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118596"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118599"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121214"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176315"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19869"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19873"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-17507"}],"related":["CVE-2018-15518","CVE-2018-19869","CVE-2018-19873","CVE-2020-17507"],"summary":"Security update for libqt4","upstream":["CVE-2018-15518","CVE-2018-19869","CVE-2018-19873","CVE-2020-17507"]}