{"id":"MGASA-2021-0200","summary":"Updated qtbase5 packages fix security vulnerability","details":"QSslSocket incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing\ndenial of service in TLS applications (CVE-2020-13962)\n\nThis update provides additionals fixes:\n - Check that the sizes are even representable when checking if clipping is\n necessary (P300)\n \n - Multiply instead of shifting, The shift operator is undefined for negative\n values. (P301)\n \n - Check returns of hex2int in get_hex_rgb, Avoids undefined behavior when\n trying to shift negative values. (P302)\n \n - Sanitize lengthValue in CSS parser, Limit the LengthData to the integer \n range before rounding it, taking into account that qRound() substracts 1 from\n negative values. (P303)\n \n - QBezier: Don't try calculating a unit vector when length is null. It's\n undefined and causes a division by zero. (P304)\n \n - Avoid potential ub in corrupt bmp file. biHeight may be int_min, in which\n case qAbs\u003cint\u003e() will not work. (P305)\n \n - wasm: disable XDG_RUNTIME_DIR warning XDG is not very relevant on the Web\n platform. (P306)\n \n - Use SOURCE_DATE_EPOCH. Use the standard variable name in addition to the\n QT-specific one to make builds reproducible out-of-the-box (P308)\n \n - Fix notification of QDockWidget when it gets undocked (P309)\n \n - Synthesize Enter/LeaveEvent for accepted QTabletEvent (P310)\n \n - Fix crash when running QtCore: Stack is misaligned on x86-64 (P311)\n \n - Add support for PostgreSQL 12 (P312)\n \n - QStandardPaths: Correct handling for XDG_RUNTIME_DIR (P313)\n \n - QStandardPaths/Unix: improve the XDG_RUNTIME_DIR creation/detection (P312)\n \n - Add remote print queue support (P313) \n","modified":"2026-04-16T00:10:34.423773057Z","published":"2021-04-30T20:16:14Z","upstream":["CVE-2020-13962"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0200.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27218"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2020:4690"}],"affected":[{"package":{"name":"qtbase5","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/qtbase5?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.6-4.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0200.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}