[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201311-14.xml - gentoo-commits

From:	"Sergey Popov (pinkbyte)" <pinkbyte@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201311-14.xml
Date:	Fri, 22 Nov 2013 10:55:40
Message-Id:	`20131122105533.A543C2004B@flycatcher.gentoo.org`

1

pinkbyte    13/11/22 10:55:33

2

3

  Added:                glsa-201311-14.xml

4

  Log:

5

  GLSA 201311-14

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-201311-14.xml

9

10

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201311-14.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201311-14.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-201311-14.xml

14

===================================================================

15

<?xml version="1.0" encoding="UTF-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

<glsa id="201311-14">

20

  <title>QtCore, QtGui: Multiple vulnerabilities</title>

21

  <synopsis>Multiple vulnerabilities have been discovered in QtCore and QtGui,

22

    possibly resulting in execution of arbitrary code, Denial of Service, or

23

    man-in-the-middle attacks.

24

  </synopsis>

25

  <product type="ebuild">qt-core qt-gui</product>

26

  <announced>November 22, 2013</announced>

27

  <revised>November 22, 2013: 1</revised>

28

  <bug>361401</bug>

29

  <bug>382171</bug>

30

  <bug>384103</bug>

31

  <bug>455884</bug>

32

  <access>remote</access>

33

  <affected>

34

    <package name="dev-qt/qtcore" auto="yes" arch="*">

35

      <unaffected range="ge">4.8.4-r2</unaffected>

36

      <vulnerable range="lt">4.8.4-r2</vulnerable>

37

    </package>

38

    <package name="dev-qt/qtgui" auto="yes" arch="*">

39

      <unaffected range="ge">4.8.4-r1</unaffected>

40

      <vulnerable range="lt">4.8.4-r1</vulnerable>

41

    </package>

42

  </affected>

43

  <background>

44

    <p>The Qt toolkit is a comprehensive C++ application development framework.</p>

45

  </background>

46

  <description>

47

    <p>Multiple vulnerabilities have been discovered in QtCore and QtGui.

48

      Please review the CVE identifiers referenced below for details.

49

    </p>

50

  </description>

51

  <impact type="normal">

52

    <p>A remote attacker could entice a user to open a specially crafted file

53

      with an application linked against QtCore or QtGui, possibly resulting in

54

      execution of arbitrary code with the privileges of the process or a

55

      Denial of Service condition. Furthermore, a remote attacker might employ

56

      a specially crafted certificate to conduct man-in-the-middle attacks on

57

      SSL connections.

58

    </p>

59

  </impact>

60

  <workaround>

61

    <p>There is no known workaround at this time.</p>

62

  </workaround>

63

  <resolution>

64

    <p>All QtCore users should upgrade to the latest version:</p>

65

66

    <code>

67

      # emerge --sync

68

      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtcore-4.8.4-r2"

69

    </code>

70

71

    <p>All QtGui users should upgrade to the latest version:</p>

72

73

    <code>

74

      # emerge --sync

75

      # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtgui-4.8.4-r1"

76

    </code>

77

78

    <p>Packages which depend on this library may need to be recompiled. Tools

79

      such as revdep-rebuild may assist in identifying some of these packages.

80

    </p>

81

  </resolution>

82

  <references>

83

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3193">CVE-2011-3193</uri>

84

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0254">CVE-2013-0254</uri>

85

    <uri link="http://labs.qt.nokia.com/2011/03/29/security-advisory-fraudulent-certificates/">

86

      Security advisory: Fraudulent certificates

87

    </uri>

88

    <uri link="http://blog.qt.digia.com/2011/09/02/what-the-diginotar-security-breach-means-for-qt-users/">

89

      What the DigiNotar security breach means for Qt users

90

    </uri>

91

  </references>

92

  <metadata tag="requester" timestamp="Tue, 15 May 2012 06:36:48 +0000">

93

    underling

94

  </metadata>

95

  <metadata tag="submitter" timestamp="Fri, 22 Nov 2013 10:54:16 +0000">ackle</metadata>

96

</glsa>

1	pinkbyte 13/11/22 10:55:33
2
3	Added: glsa-201311-14.xml
4	Log:
5	GLSA 201311-14
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-201311-14.xml
9
10	file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201311-14.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201311-14.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-201311-14.xml
14	===================================================================
15	<?xml version="1.0" encoding="UTF-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19	<glsa id="201311-14">
20	<title>QtCore, QtGui: Multiple vulnerabilities</title>
21	<synopsis>Multiple vulnerabilities have been discovered in QtCore and QtGui,
22	possibly resulting in execution of arbitrary code, Denial of Service, or
23	man-in-the-middle attacks.
24	</synopsis>
25	<product type="ebuild">qt-core qt-gui</product>
26	<announced>November 22, 2013</announced>
27	<revised>November 22, 2013: 1</revised>
28	<bug>361401</bug>
29	<bug>382171</bug>
30	<bug>384103</bug>
31	<bug>455884</bug>
32	<access>remote</access>
33	<affected>
34	<package name="dev-qt/qtcore" auto="yes" arch="*">
35	<unaffected range="ge">4.8.4-r2</unaffected>
36	<vulnerable range="lt">4.8.4-r2</vulnerable>
37	</package>
38	<package name="dev-qt/qtgui" auto="yes" arch="*">
39	<unaffected range="ge">4.8.4-r1</unaffected>
40	<vulnerable range="lt">4.8.4-r1</vulnerable>
41	</package>
42	</affected>
43	<background>
44	<p>The Qt toolkit is a comprehensive C++ application development framework.</p>
45	</background>
46	<description>
47	<p>Multiple vulnerabilities have been discovered in QtCore and QtGui.
48	Please review the CVE identifiers referenced below for details.
49	</p>
50	</description>
51	<impact type="normal">
52	<p>A remote attacker could entice a user to open a specially crafted file
53	with an application linked against QtCore or QtGui, possibly resulting in
54	execution of arbitrary code with the privileges of the process or a
55	Denial of Service condition. Furthermore, a remote attacker might employ
56	a specially crafted certificate to conduct man-in-the-middle attacks on
57	SSL connections.
58	</p>
59	</impact>
60	<workaround>
61	<p>There is no known workaround at this time.</p>
62	</workaround>
63	<resolution>
64	<p>All QtCore users should upgrade to the latest version:</p>
65
66	<code>
67	# emerge --sync
68	# emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.4-r2"
69	</code>
70
71	<p>All QtGui users should upgrade to the latest version:</p>
72
73	<code>
74	# emerge --sync
75	# emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.4-r1"
76	</code>
77
78	<p>Packages which depend on this library may need to be recompiled. Tools
79	such as revdep-rebuild may assist in identifying some of these packages.
80	</p>
81	</resolution>
82	<references>
83	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3193">CVE-2011-3193</uri>
84	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0254">CVE-2013-0254</uri>
85	<uri link="http://labs.qt.nokia.com/2011/03/29/security-advisory-fraudulent-certificates/">
86	Security advisory: Fraudulent certificates
87	</uri>
88	<uri link="http://blog.qt.digia.com/2011/09/02/what-the-diginotar-security-breach-means-for-qt-users/">
89	What the DigiNotar security breach means for Qt users
90	</uri>
91	</references>
92	<metadata tag="requester" timestamp="Tue, 15 May 2012 06:36:48 +0000">
93	underling
94	</metadata>
95	<metadata tag="submitter" timestamp="Fri, 22 Nov 2013 10:54:16 +0000">ackle</metadata>
96	</glsa>

Gentoo Archives: gentoo-commits