This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="201403-04">
<title>QtCore: Denial of Service</title>
<synopsis>A vulnerability in QXmlSimpleReader class can be used to cause a
Denial of Service condition.
</synopsis>
<producttype="ebuild">qt-core</product>
<announced>2014-03-13</announced>
<revisedcount="1">2014-03-13</revised>
<bug>494728</bug>
<access>remote</access>
<affected>
<packagename="dev-qt/qtcore"auto="yes"arch="*">
<unaffectedrange="ge">4.8.5-r1</unaffected>
<vulnerablerange="lt">4.8.5-r1</vulnerable>
</package>
</affected>
<background>
<p>The Qt toolkit is a comprehensive C++ application development framework.</p>
</background>
<description>
<p>A vulnerability in QXmlSimpleReader’s XML entity parsing has been
discovered.
</p>
</description>
<impacttype="normal">
<p>A remote attacker could entice a user to open a specially crafted XML
file using an application linked against QtCore, possibly resulting in
Denial of Service.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All QtCore users should upgrade to the latest version:</p>