[SECURITY] Fedora 12 Update: qt-4.5.3-9.fc12
updates at fedoraproject.org
updates at fedoraproject.org
Sat Nov 14 03:30:38 UTC 2009
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11487
2009-11-14 02:52:09
--------------------------------------------------------------------------------
Name : qt
Product : Fedora 12
Version : 4.5.3
Release : 9.fc12
URL : http://www.qtsoftware.com/
Summary : Qt toolkit
Description :
Qt is a software toolkit for developing applications.
This package contains base tools, like string, xml, and network
handling.
--------------------------------------------------------------------------------
Update Information:
A security flaw was found in the WebKit's Cross-Origin Resource Sharing (CORS)
implementation. Multiple security flaws (integer underflow, invalid pointer
dereference, buffer underflow and a denial of service) were found in the way
WebKit's FTP parser used to process remote FTP directory listings.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 12 2009 Jaroslav Reznik <jreznik at redhat.com> - 4.5.3-9
- CVE-2009-3384 - WebKit, ftp listing handling (#525788)
- CVE-2009-2816 - WebKit, MITM Cross-Origin Resource Sharing (#525789)
* Sun Nov 8 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.3-8
- -x11: Requires: %{name}-sqlite(ppc-32)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #525788 - CVE-2009-3384 WebKit, qt: Multiple security issues while handling FTP directory listings
https://bugzilla.redhat.com/show_bug.cgi?id=525788
[ 2 ] Bug #525789 - CVE-2009-2816 WebKit, qt: MITM in the WebKit's Cross-Origin Resource Sharing (CORS) implementation
https://bugzilla.redhat.com/show_bug.cgi?id=525789
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update qt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list