VDB
GCVE-110-MAGEIA-2016-12
GCVE-110-MAGEIA-2016-12
Advisory Published
It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library (CVE-2015-7501).
With this update, deserialization of certain classes in the
commons-collections library is no longer allowed. Applications that
require those classes to be deserialized can use the system property
"org.apache.commons.collections.enableUnsafeSerialization" to re-enable
their deserialization.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | qtsvg5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtwebkit5-examples-and-demos | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qt-creator | 0 (affected), 3.4.2-1.mga5 (unaffected) | — |
| Mageia | qtbase5 | 0 (affected), 5.4.2-1.1.mga5 (unaffected) | — |
| Mageia | qtserialport5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | apache-commons-collections | 0 (affected), 3.2.1-24.1.mga5 (unaffected), 0 (affected), 3.2.1-24.1.mga5 (unaffected) | — |
| Mageia | qttranslations5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtimageformats5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtconnectivity5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qttools5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtdeclarative5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtquick5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtmultimedia5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtwebkit5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtdoc5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtgraphicaleffects5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtquickcontrols5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtlocation5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtwayland5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtenginio5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtwebsockets5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | python-qt5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtscript5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
| Mageia | qtwebchannel5 | 5.4.2-1.mga5 (unaffected), 0 (affected) | — |
| Mageia | qtx11extras5 | 5.4.2-1.mga5 (unaffected), 0 (affected) | — |
| Mageia | python-sip | 0 (affected), 4.16.9-1.mga5 (unaffected) | — |
| Mageia | qtxmlpatterns5 | 0 (affected), 5.4.2-1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.