Login
Newsletter
Werbung

Sicherheit: Denial of Service in Qt
Aktuelle Meldungen Distributionen
Name: Denial of Service in Qt
ID: FEDORA-2014-6083
Distribution: Fedora
Plattformen: Fedora 19
Datum: Fr, 23. Mai 2014, 23:56
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0190
Applikationen: Qt

Originalnachricht

Name        : qt
Product : Fedora 19
Version : 4.8.6
Release : 5.fc19
URL : http://qt-project.org/
Summary : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

-------------------------------------------------------------------------------
-
Update Information:

New upstream stable bugfix release, as well as a fix for:

DoS vulnerability in the GIF image handler (QTBUG-38367).
See also http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon May 5 2014 Rex Dieter <rdieter@fedoraproject.org> - 4.8.6-5
- drop f21 gcc-4.9 workarounds (they didn't work)
- omit qt-cupsEnumDests.patch, again, pending more testing (#980952)
* Fri Apr 25 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-4
- -fno-tree-vrp (#1091482)
* Fri Apr 25 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-3
- try -fno-delete-null-pointer-checks to workaround bug #1091482
* Thu Apr 24 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-2
- DoS vulnerability in the GIF image handler (QTBUG-38367)
* Thu Apr 24 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-1
- 4.8.6 (final)
* Tue Apr 15 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-0.2.rc2
- 4.8.6-rc2
* Tue Apr 1 2014 Rex Dieter <rdieter@fedoraproject.org> - 4.8.6-0.1.rc1
- 4.8.6-rc1
* Wed Mar 26 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-24
- support ppc64le arch (#1081216)
* Sat Mar 8 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> 4.8.5-23
- fix QMAKE_STRIP handling (#1074041)
* Fri Mar 7 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-22
- respin mysql_config patch
* Fri Mar 7 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-21
- restore qt-cupsEnumDests.patch (#980952)
* Thu Mar 6 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-20
- systemtrayicon plugin support (from kubuntu)
* Tue Feb 18 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-19
- cleanup QMAKE_STRIP handling
* Wed Feb 12 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-18
- rebuild (libicu)
* Sat Feb 1 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-17
- better %rpm_macros_dir handling
* Sun Jan 26 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-16
- macros.qt4: ++%_qt4_examplesdir (keep %_qt4_examples around for
compatibility)
* Fri Jan 17 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.8.5-15
- drop "Discover printers shared by CUPS 1.6 (#980952)" (#1054312,
#980952#c18)
* Mon Jan 13 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.8.5-14
- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
* Mon Dec 23 2013 Peter Robinson <pbrobinson@fedoraproject.org> 4.8.5-13
- Add support for aarch64 (#1046360)
* Thu Dec 5 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-12
- XML Entity Expansion Denial of Service (CVE-2013-4549)
* Wed Oct 9 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-11
- Discover printers shared by CUPS 1.6 (#980952)
* Mon Oct 7 2013 Daniel Vrátil <dvratil@redhat.com> 4.8.5-10
- drop revert of the PostgreSQL driver patch (fixed in Akonadi 1.10.3)
* Thu Oct 3 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-9
- rework %_bindir %_qt4_bindir links to be more qtchooser friendly
* Thu Sep 12 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-8
- Keyboard shortcuts doesn't work for russian keyboard layout (#968367,
QTBUG-32908)
* Mon Aug 26 2013 Jon Ciesla <limburgher@gmail.com> - 4.8.5-7
- libmng rebuild.
* Thu Aug 8 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-6.1
- qt4 rpm macros not found by rpm in F18 (#994739)
* Tue Jul 30 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-6
- enable qtchooser support
* Tue Jul 30 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-5
- revert upstream postgresql driver changes wrt escaping (QTBUG-30076)
* Thu Jul 11 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-4
- drop qtscript(javascriptcore) debuginfo patch, savings not significant
* Thu Jul 11 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-3
- reduce debuginfo in qtwebkit(webcore) and qtscript(javascriptcore)
* Tue Jul 2 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-2
- qdbusviewer subpkg (#968336)
* Tue Jul 2 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-1
- 4.8.5 (final)
* Wed Jun 26 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-0.6.rc2
- trim changelog
- cleaner rpm_macros_dir handling
* Fri Jun 21 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-0.5.rc2
- drop multilib portion from qt_plugin_path.patch
* Tue Jun 18 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-0.4.rc2
- (re)add kde4/multilib QT_PLUGIN_PATH
* Mon Jun 10 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-0.3.rc2
- 4.8.5-rc2
* Mon Jun 10 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-0.2.rc
- RFE: Add %qmake_qt4 macro (#870199)
* Sun Jun 9 2013 Rex Dieter <rdieter@fedoraproject.org> 4.8.5-0.1.rc
- 4.8.5-RC
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1088142 - CVE-2014-0190 qt: NULL pointer dereference flaw in
QGIFFormat::fillRect
https://bugzilla.redhat.com/show_bug.cgi?id=1088142
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update qt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung