Login
Newsletter
Werbung

Sicherheit: Denial of Service in Qt
Aktuelle Meldungen Distributionen
Name: Denial of Service in Qt
ID: FEDORA-2014-5695
Distribution: Fedora
Plattformen: Fedora 20
Datum: Fr, 2. Mai 2014, 10:58
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0190
Applikationen: Qt

Originalnachricht

Name        : qt
Product : Fedora 20
Version : 4.8.6
Release : 2.fc20
URL : http://qt-project.org/
Summary : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

-------------------------------------------------------------------------------
-
Update Information:

New upstream stable bugfix release, as well as a fix for:
* DoS vulnerability in the GIF image handler (QTBUG-38367)
See also http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Apr 24 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-2
- DoS vulnerability in the GIF image handler (QTBUG-38367)
* Thu Apr 24 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-1
- 4.8.6 (final)
* Tue Apr 15 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-0.2.rc2
- 4.8.6-rc2
* Tue Apr 1 2014 Rex Dieter <rdieter@fedoraproject.org> - 4.8.6-0.1.rc1
- 4.8.6-rc1
* Wed Mar 26 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-24
- support ppc64le arch (#1081216)
* Sat Mar 8 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> 4.8.5-23
- fix QMAKE_STRIP handling (#1074041)
* Fri Mar 7 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-22
- respin mysql_config patch
* Fri Mar 7 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-21
- restore qt-cupsEnumDests.patch (#980952)
* Thu Mar 6 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-20
- systemtrayicon plugin support (from kubuntu)
* Tue Feb 18 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-19
- cleanup QMAKE_STRIP handling
* Wed Feb 12 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-18
- rebuild (libicu)
* Sat Feb 1 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-17
- better %rpm_macros_dir handling
* Sun Jan 26 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-16
- macros.qt4: ++%_qt4_examplesdir (keep %_qt4_examples around for
compatibility)
* Fri Jan 17 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.8.5-15
- drop "Discover printers shared by CUPS 1.6 (#980952)" (#1054312,
#980952#c18)
* Mon Jan 13 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.8.5-14
- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
* Mon Dec 23 2013 Peter Robinson <pbrobinson@fedoraproject.org> 4.8.5-13
- Add support for aarch64 (#1046360)
* Thu Dec 5 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-12
- XML Entity Expansion Denial of Service (CVE-2013-4549)
* Wed Oct 9 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-11
- Discover printers shared by CUPS 1.6 (#980952)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1088142 - CVE-2014-0190 qt: NULL pointer dereference flaw in
QGIFFormat::fillRect
https://bugzilla.redhat.com/show_bug.cgi?id=1088142
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update qt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung