PublicDateAtUSN: 2018-12-26
Candidate: CVE-2018-15518
PublicDate: 2018-12-26 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518
 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 https://codereview.qt-project.org/#/c/236691/
 https://ubuntu.com/security/notices/USN-4003-1
Description:
 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during
 parsing of a specially crafted illegal XML document.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_qtbase-opensource-src:
 upstream: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=6256729a6da532079505edfe4c56a6ef29cd8ab8
upstream_qtbase-opensource-src: released (5.11.3)
precise/esm_qtbase-opensource-src: DNE
trusty_qtbase-opensource-src: ignored (reached end-of-life)
trusty/esm_qtbase-opensource-src: DNE (trusty was needed)
xenial_qtbase-opensource-src: released (5.5.1+dfsg-16ubuntu7.6)
esm-infra/xenial_qtbase-opensource-src: released (5.5.1+dfsg-16ubuntu7.6)
bionic_qtbase-opensource-src: released (5.9.5+dfsg-0ubuntu2.1)
cosmic_qtbase-opensource-src: released (5.11.1+dfsg-7ubuntu3.1)
disco_qtbase-opensource-src: released (5.11.3+dfsg-2ubuntu1)
devel_qtbase-opensource-src: released (5.11.3+dfsg-2ubuntu1)