[SECURITY] Fedora 20 Update: qt3-3.3.8b-63.fc20

updates at fedoraproject.org updates at fedoraproject.org
Fri May 1 16:49:15 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6573
2015-04-22 16:51:38
--------------------------------------------------------------------------------

Name        : qt3
Product     : Fedora 20
Version     : 3.3.8b
Release     : 63.fc20
URL         : http://www.troll.no
Summary     : The shared library for the Qt 3 GUI toolkit
Description :
Qt is a GUI software toolkit which simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications
for the X Window System.

Qt is written in C++ and is fully object-oriented.

This package contains the shared library needed to run Qt 3
applications, as well as the README files for Qt 3.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2015-1860, a buffer overflow when loading some specific invalid GIF image files, which could be exploited for denial of service (application crash) and possibly even arbitrary code execution attacks. The security patch is backported from Qt 4.

(Please note that Qt 3 is NOT vulnerable to the simultaneously published issues CVE-2015-1858 and CVE-2015-1859.)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2015 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.3.8b-63
- backport CVE-2015-1860 (GIF handler buffer overflow, #1210675) fix from Qt 4
* Sat Feb 28 2015 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.3.8b-62
- backport CVE-2015-0295 (BMP image handler DoS, #1197275) fix from Qt 4
* Fri Feb 27 2015 Rex Dieter <rdieter at fedoraproject.org> 3.3.8b-61
- rebuild (gcc5)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.8b-60
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.8b-59
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 29 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.3.8b-58
- backport CVE-2014-0190 (GIF image handler DoS, QTBUG-38367) fix from Qt 4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1210675 - CVE-2015-1860 qt: segmentation fault in qgifhandler.cpp
        https://bugzilla.redhat.com/show_bug.cgi?id=1210675
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update qt3' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list