--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-2002 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2002 2005-02-17 ---------------------------------------------------------------------
Name : qt Versions : rh7.3: qt-3.0.5-7.16.legacy Versions : rh9: qt-3.1.1-8.legacy Summary : The shared library for the Qt GUI toolkit. Description : Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.
Qt is written in C++ and is fully object-oriented.
This package contains the shared library needed to run qt applications, as well as the README files for qt.
--------------------------------------------------------------------- Update Information:
Updated qt packages that fix security issues in several of the image decoders are now available.
Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.
During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0691 to this issue.
Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0692 and CAN-2004-0693 to these issues.
Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues.
--------------------------------------------------------------------- Changelogs
rh73:
* Sat Feb 12 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.0.5-7.16.legacy
- Added missing BuildRequires: freetype-devel, expat-devel, XFree86-devel
* Wed Sep 08 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.0.5-7.15.legacy
- Added security patch for CAN-2004-0691/0692/0693
rh9:
* Sat Feb 12 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.1.1-8.legacy
- Added missing byacc BuildRequires
* Wed Sep 08 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.1.1-7.legacy
- Added security patch for CAN-2004-0691/0692/0693
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums)
rh7.3:
31dd5bcfd8477e31b15e0cdc52830a23024ada53 redhat/7.3/updates-testing/i386/qt2-2.3.1-4.legacy.i386.rpm
666926b1e02da9edcf44d025fee98326c86cd62d redhat/7.3/updates-testing/i386/qt2-designer-2.3.1-4.legacy.i386.rpm
f8abe3a856df3b6f6328e3a097b47d0e5f2c270e redhat/7.3/updates-testing/i386/qt2-devel-2.3.1-4.legacy.i386.rpm
7916b1d34f01c8f30d0f99485e2a2d3882fa85fd redhat/7.3/updates-testing/i386/qt2-static-2.3.1-4.legacy.i386.rpm
9c9876dc717734169f27e0eaa4daeb2ab70ff61f redhat/7.3/updates-testing/i386/qt2-Xt-2.3.1-4.legacy.i386.rpm
45de88207a2ed8fcc9f6b9e25e38b7ecd2c3c543 redhat/7.3/updates-testing/i386/qt-3.0.5-7.16.legacy.i386.rpm
f93cc80d6ef57b73c6be11cd055e5f7158b102fa redhat/7.3/updates-testing/i386/qt-designer-3.0.5-7.16.legacy.i386.rpm
b8301c059ecb90c497812f082e226cb504505ff2 redhat/7.3/updates-testing/i386/qt-devel-3.0.5-7.16.legacy.i386.rpm
d2168c04a5ad203d85b61217351f702a93b937e2 redhat/7.3/updates-testing/i386/qt-MySQL-3.0.5-7.16.legacy.i386.rpm
0ec08637df7a76b3512ecebc8705776770b797eb redhat/7.3/updates-testing/i386/qt-ODBC-3.0.5-7.16.legacy.i386.rpm
3374709a77752ffb1db8f4f4e82e67af58745007 redhat/7.3/updates-testing/i386/qt-PostgreSQL-3.0.5-7.16.legacy.i386.rpm
f717c6632e65f2f18d99a76d19716e4c1f39445e redhat/7.3/updates-testing/i386/qt-static-3.0.5-7.16.legacy.i386.rpm
a90a2ae47135a28830fb099dd9acdcfd1f83e199 redhat/7.3/updates-testing/i386/qt-Xt-3.0.5-7.16.legacy.i386.rpm
c9c98eff73d7fe6147ffa72baba764cdbfdd0d93 redhat/7.3/updates-testing/SRPMS/qt2-2.3.1-4.legacy.src.rpm
884033926f37ed56e60a750a9ad394436f8b9b4a redhat/7.3/updates-testing/SRPMS/qt-3.0.5-7.16.legacy.src.rpm
rh9:
db6801606256ca8a27eb53737981194e0a1ea01c redhat/9/updates-testing/i386/qt2-2.3.1-14.legacy.i386.rpm
7f1718735932279b4a8a7ff480cda6186f4e0b52 redhat/9/updates-testing/i386/qt2-designer-2.3.1-14.legacy.i386.rpm
39fec48edde4bec460fba6781c19551a2454d52e redhat/9/updates-testing/i386/qt2-devel-2.3.1-14.legacy.i386.rpm
4aeee3f5f2db49275838920f4980b24f074aa1dc redhat/9/updates-testing/i386/qt2-static-2.3.1-14.legacy.i386.rpm
a8c42841b7d5184f4668890bd04aa68c62fc23cb redhat/9/updates-testing/i386/qt2-Xt-2.3.1-14.legacy.i386.rpm
18f51017809f1a78289b3b1756c6944ef0c1ca71 redhat/9/updates-testing/i386/qt-3.1.1-8.legacy.i386.rpm
c275220a14e1d3f67494eda9674b112dd1925aa7 redhat/9/updates-testing/i386/qt-designer-3.1.1-8.legacy.i386.rpm
4c90b5e9ffdc7c572c0cf4474cda40c46f07c5c0 redhat/9/updates-testing/i386/qt-devel-3.1.1-8.legacy.i386.rpm
bb50a60d29c5b97a5033839f900781c1d7fa6af6 redhat/9/updates-testing/i386/qt-MySQL-3.1.1-8.legacy.i386.rpm
7f79b8bcad7a045614ac3f6cd34af6c2ee365cce redhat/9/updates-testing/i386/qt-ODBC-3.1.1-8.legacy.i386.rpm
2fa4db773641f4f0d67fddd2479a6d992e847825 redhat/9/updates-testing/i386/qt-PostgreSQL-3.1.1-8.legacy.i386.rpm
9537f1669fce9e3a9d9836e892e850315b7ecf39 redhat/9/updates-testing/i386/qt-Xt-3.1.1-8.legacy.i386.rpm
a3ad6d0143139b7fa537cdcf7c121ce120d0bd92 redhat/9/updates-testing/SRPMS/qt2-2.3.1-14.legacy.src.rpm
a5bd53a0a7be64720c4a70510344a5bd5ae5c64b redhat/9/updates-testing/SRPMS/qt-3.1.1-8.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
