Sicherheit: Denial of Service in mingw-qt5-qtbase - Pro-Linux

Name        : mingw-qt5-qtbase
Product     : Fedora 19
Version     : 5.2.1
Release     : 3.fc19
URL         : http://www.qtsoftware.com/
Summary     : Qt5 for Windows - QtBase component
Description :
This package contains the Qt software toolkit for developing
cross-platform applications.

This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.

-------------------------------------------------------------------------------
-
Update Information:

* Fix invalid reference to qtmain when using CMake (RHBZ #1092465)
* Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)
-------------------------------------------------------------------------------
-
ChangeLog:

* Sat May  3 2014 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.1-3
- Fix invalid reference to qtmain when using CMake (RHBZ #1092465)
- Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)
* Sun Apr 13 2014 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.1-2
- Rebuild against gcc 4.9 (to fix paths mentioned in mkspecs/qconfig.pri)
* Sat Feb  8 2014 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.1-1
- Update to 5.2.1
* Sat Jan 11 2014 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.0-4
- Remove hard dependency on qtchooser and co-own the /etc/xdg/qtchooser folder
* Mon Jan  6 2014 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.0-3
- Split the cmake patch and moved half of its contents to the 'implib
 dll'
  patch and the other to the 'use external angle' patch as those are
 more
  proper locations
* Sun Jan  5 2014 Yaakov Selkowitz <yselkowitz@users.sourceforge.net> -
 5.2.0-2
- Fix qmake to use .dll.a extension for implibs (avoids renaming hacks in
  all mingw-qt5-* packages)
- Force usage of system zlib in Qt5Bootstrap
- Install shared libQt5BootstrapDBus for qdbuscpp2xml and qdbusxml2cpp
- Fix QMAKE_LIBS_NETWORK for static linkage
- Closes RHBZ #1048677
* Sun Jan  5 2014 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.0-1
- Update to 5.2.0
- Use the generic win32-g++ mkspecs profile instead of win32-g++-cross
  and win32-g++-cross-x64 (as is preferred by upstream)
- Add support for qtchooser
- Moved the native tools to /usr/$target/bin/qt5 (qtchooser requires the
  tools to be in an unique folder with their original file names)
  All symlinks in %{_bindir} are updated to reflect this as well
- Prevent invalid Libs.private references in generated pkg-config files
- Prevent patch backups from ending up in the mkspecs folders
- Reorganized and cleaned up the patches
* Fri Nov 29 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.0-0.4.rc1
- Update to 5.2.0 RC 1
* Wed Nov 27 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.0-0.3.beta1
- Try harder to fix detection of the uic tool when using CMake
* Tue Nov 26 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.0-0.2.beta1
- Fix detection of the uic tool when using CMake (RHBZ #1019952)
* Tue Oct 22 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.2.0-0.1.beta1
- Update to 5.2.0 beta 1
- Fix CMake support (RHBZ #1019952, RHBZ #1019947)
* Thu Sep 12 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.1.1-2
- Removed DBus 'interface' workaround patch as the issue is resolved in
 DBus upstream
* Thu Aug 29 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.1.1-1
- Update to 5.1.1
- Fix FTBFS against latest mingw-w64
* Fri Aug  2 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.1.0-5
- Re-enable R: mingw{32,64}-qt5-qttools-lrelease now that
  bootstrapping Qt5 on ARM has completed
* Wed Jul 31 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.1.0-4
- Make sure the native Qt5Bootstrap library is a shared library
- Enabled PostgreSQL support
- Removed the reference to the 'demos' folder as demos are
  bundled as separate tarballs
* Tue Jul 30 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.1.0-3
- Temporary build without R: mingw{32,64}-qt5-qttools-lrelease
  to allow mingw-qt5-qttools to be built on arm
* Sat Jul 13 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.1.0-2
- Rebuild against libpng 1.6
* Wed Jul 10 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.1.0-1
- Update to 5.1.0
- Fix detection of external pcre library
- Added BR: mingw32-pcre mingw64-pcre
* Wed Jul 10 2013 Erik van Pienbroek <epienbro@fedoraproject.org> -
 5.0.2-3
- Display message box if platform plugin cannot be found (QTBUG-31765,
 QTBUG-31760)
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1092465 - Linking fails on a cmake based project using Qt 5 since
 libqtmain.a is not found
        https://bugzilla.redhat.com/show_bug.cgi?id=1092465
  [ 2 ] Bug #1092837 - CVE-2014-0190 mingw-qt5-qtbase: qt: NULL pointer
 dereference flaw in QGIFFormat::fillRect [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1092837
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use
su -c 'yum update mingw-qt5-qtbase' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce