Fedora Legacy Test Update Notification: qt

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Feb 17 22:13:42 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2002
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2002
2005-02-17
---------------------------------------------------------------------

Name        : qt
Versions    : rh7.3: qt-3.0.5-7.16.legacy
Versions    : rh9: qt-3.1.1-8.legacy
Summary     : The shared library for the Qt GUI toolkit.
Description :
Qt is a GUI software toolkit which simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications
for the X Window System.

Qt is written in C++ and is fully object-oriented.

This package contains the shared library needed to run qt
applications, as well as the README files for qt.

---------------------------------------------------------------------
Update Information:

Updated qt packages that fix security issues in several of the image
decoders are now available.

Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.

During a security audit, Chris Evans discovered a heap overflow in the
BMP image decoder in Qt versions prior to 3.3.3. An attacker could
create a carefully crafted BMP file in such a way that it would cause an
application linked with Qt to crash or possibly execute arbitrary code
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0691 to
this issue.

Additionally, various flaws were discovered in the GIF, XPM, and JPEG
decoders in Qt versions prior to 3.3.3. An attacker could create
carefully crafted image files in such a way that they could cause an
application linked against Qt to crash when the file was opened by a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2004-0692 and CAN-2004-0693 to these issues.

Users of Qt should update to these updated packages, which contain
backported patches and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Feb 12 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.0.5-7.16.legacy
- Added missing BuildRequires: freetype-devel, expat-devel, XFree86-devel

* Wed Sep 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.0.5-7.15.legacy
- Added security patch for CAN-2004-0691/0692/0693

rh9:
* Sat Feb 12 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.1.1-8.legacy
- Added missing byacc BuildRequires

* Wed Sep 08 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 3.1.1-7.legacy
- Added security patch for CAN-2004-0691/0692/0693

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/

---------------------------------------------------------------------

Please test and comment in bugzilla.