{"id":"MGASA-2019-0356","summary":"Updated QT stack fix security vulnerability","details":"This update provides the 5.12.6 QT stack maintenance release and fixes\nthe following security issue:\n\nAn out-of-bounds memory access in the generateDirectionalRuns() function\nin qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows\nattackers to cause a denial of service by crashing an application via a\ntext file containing many directional characters (CVE-2019-18281).\n\nkwin and skrooge has been rebuilt to pick up proper dependencies on the\nupdated QT packages.\n","modified":"2026-04-16T01:47:31.364502013Z","published":"2019-12-06T14:15:42Z","upstream":["CVE-2019-18281"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0356.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25651"},{"type":"WEB","url":"https://www.debian.org/security/2019/dsa-4556"}],"affected":[{"package":{"name":"kwin","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kwin?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.4-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"pyside2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/pyside2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"pyside2-tools","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/pyside2-tools?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qt3d5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qt3d5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtbase5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtbase5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtcharts5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtcharts5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtconnectivity5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtconnectivity5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtdatavis3d5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtdatavis3d5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtdeclarative5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtdeclarative5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtdoc5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtdoc5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtenginio5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtenginio5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.3-7.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtgamepad5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtgamepad5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtgraphicaleffects5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtgraphicaleffects5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtimageformats5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtimageformats5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtlocation5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtlocation5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtmultimedia5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtmultimedia5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtnetworkauth5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtnetworkauth5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtpurchasing5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtpurchasing5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtquickcontrols25","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtquickcontrols25?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtquickcontrols5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtquickcontrols5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtremoteobjects5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtremoteobjects5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtscript5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtscript5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtscxml5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtscxml5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtsensors5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtsensors5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtserialbus5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtserialbus5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtserialport5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtserialport5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtspeech5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtspeech5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtsvg5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtsvg5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qttools5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qttools5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qttranslations5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qttranslations5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtvirtualkeyboard5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtvirtualkeyboard5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtwayland5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtwayland5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtwebchannel5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtwebchannel5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtwebengine5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtwebengine5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtwebglplugin5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtwebglplugin5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtwebkit5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtwebkit5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.212.0-1.alpha3.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtwebsockets5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtwebsockets5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtwebview5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtwebview5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtx11extras5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtx11extras5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"qtxmlpatterns5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtxmlpatterns5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"shiboken2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/shiboken2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}},{"package":{"name":"skrooge","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/skrooge?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.19.1-2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0356.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}