Gentoo Archives: gentoo-commits

From: "Pierre-Yves Rofes (py)" <py@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200712-08.xml
Date: Sun, 09 Dec 2007 21:59:45
Message-Id: E1J1UBY-0007hE-Vm@stork.gentoo.org
1 py 07/12/09 21:59:40
2
3 Added: glsa-200712-08.xml
4 Log:
5 GLSA 200712-08
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-200712-08.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200712-08.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200712-08.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-200712-08.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="200712-08">
21 <title>AMD64 x86 emulation Qt library: Multiple vulnerabilities</title>
22 <synopsis>
23 Multiple vulnerabilities in the AMD64 x86 emulation Qt library may lead to
24 the remote execution of arbitrary code in Qt applications.
25 </synopsis>
26 <product type="ebuild">emul-linux-x86-qtlibs</product>
27 <announced>December 09, 2007</announced>
28 <revised>December 09, 2007: 01</revised>
29 <bug>189536</bug>
30 <access>remote</access>
31 <affected>
32 <package name="app-emulation/emul-linux-x86-qtlibs" auto="yes" arch="amd64">
33 <unaffected range="ge">20071114-r2</unaffected>
34 <vulnerable range="lt">20071114-r2</vulnerable>
35 </package>
36 </affected>
37 <background>
38 <p>
39 Qt is a cross-platform GUI framework, which is used e.g. by KDE. The
40 AMD64 x86 emulation Qt library packages Qt libraries for 32bit x86
41 emulation on AMD64.
42 </p>
43 </background>
44 <description>
45 <p>
46 The Qt versions used by the AMD64 x86 emulation Qt libraries were
47 vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28)
48 </p>
49 </description>
50 <impact type="normal">
51 <p>
52 An attacker could trigger one of the vulnerabilities by causing a Qt
53 application to parse specially crafted text or Unicode strings, which
54 may lead to the execution of arbitrary code with the privileges of the
55 user running the application.
56 </p>
57 </impact>
58 <workaround>
59 <p>
60 There is no known workaround at this time.
61 </p>
62 </workaround>
63 <resolution>
64 <p>
65 All AMD64 x86 emulation Qt library users should upgrade to the latest
66 version:
67 </p>
68 <code>
69 # emerge --sync
70 # emerge --ask --oneshot --verbose &quot;&gt;=app-emulation/emul-linux-x86-qtlibs-20071114-r2&quot;</code>
71 </resolution>
72 <references>
73 <uri link="http://www.gentoo.org/security/en/glsa/glsa-200708-16.xml">GLSA 200708-16</uri>
74 <uri link="http://www.gentoo.org/security/en/glsa/glsa-200710-28.xml">GLSA 200710-28</uri>
75 </references>
76 <metadata tag="requester" timestamp="Sun, 02 Dec 2007 12:28:12 +0000">
77 rbu
78 </metadata>
79 <metadata tag="submitter" timestamp="Sun, 09 Dec 2007 19:55:14 +0000">
80 welp
81 </metadata>
82 <metadata tag="bugReady" timestamp="Sun, 09 Dec 2007 20:04:39 +0000">
83 welp
84 </metadata>
85 </glsa>
86
87
88
89 --
90 gentoo-commits@g.o mailing list