| Package | qtbase-opensource-src |
|---|---|
| Version | 5.7.1+dfsg-3+deb9u6 (stretch) |
| Related CVEs | CVE-2015-9541 |
An exponential XML entity expansion was discovered in Qt, a cross-platform C++ application framework. A crafted SVG document was mishandled in QXmlStreamReader and would cause a denial of service, a related issue to CVE 2003-1564 (“billion laughs attack”).
For Debian 9 stretch, these problems have been fixed in version 5.7.1+dfsg-3+deb9u6.
We recommend that you upgrade your qtbase-opensource-src packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.