LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora 10 Update: qt-4.5.2-3.fc10 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora security fix for CVE-2009-2700
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9232
2009-09-03 00:09:58
--------------------------------------------------------------------------------

Name        : qt
Product     : Fedora 10
Version     : 4.5.2
Release     : 3.fc10
URL         : http://www.qtsoftware.com/
Summary     : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

security fix for CVE-2009-2700
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 31 2009 Than Ngo  - 4.5.2-3
- fix for CVE-2009-2700
* Tue Aug 18 2009 Than Ngo  - 4.5.2-2
- security fix for CVE-2009-1725
* Tue Aug 18 2009 Rex Dieter  4.5.2-1.2
- kde-qt: 287-qmenu-respect-minwidth
- kde-qt: 0288-more-x-keycodes (#475247)
* Wed Aug  5 2009 Rex Dieter  4.5.2-1.1
- use linker scripts for _debug targets (#510246)
- apply upstream patch to fix issue in Copy and paste
- optimize (icon-mostly) scriptlets
- -x11: Requires(post,postun): /sbin/ldconfig
* Thu Jul  2 2009 Than Ngo  - 4.5.2-1
- 4.5.2
* Sat May 30 2009 Rex Dieter  - 4.5.1-13
- -doc: Obsoletes: qt-doc < 1:4.5.1-4 (workaround bug #502401)
* Sat May 23 2009 Rex Dieter  - 4.5.1-12
- +phonon_internal macro to toggle packaging of qt's phonon (default off)
* Fri May 22 2009 Rex Dieter  - 4.5.1-11
- qt-copy-patches-20090522
* Wed May 20 2009 Rex Dieter  - 4.5.1-10.2
- full (non-bootstrap) build
* Wed May 20 2009 Rex Dieter  - 4.5.1-10.1
- allow for minimal bootstrap build (*cough* arm *cough*)
* Wed May  6 2009 Rex Dieter  - 4.5.1-10
- improved kde4_plugins patch, skip expensive/unneeded canonicalPath
* Wed May  6 2009 Rex Dieter  - 4.5.1-9
- include kde4 plugin path by default (#498809)
* Mon May  4 2009 Rex Dieter  - 4.5.1-8
- fix invalid assumptions about mysql_config --libs (bug #440673)
- fix %files breakage from 4.5.1-5
* Wed Apr 29 2009 Rex Dieter  - 4.5.1-7
- -devel: Provides: qt4-devel%{?_isa} ...
* Mon Apr 27 2009 Than Ngo  - 4.5.1-6
- drop useless hunk of qt-x11-opensource-src-4.5.1-enable_ft_lcdfilter.patch
* Mon Apr 27 2009 Rex Dieter  - 4.5.1-5
- -devel: Provides: *-static for libQtUiTools.a
* Fri Apr 24 2009 Rex Dieter  - 4.5.1-4
- qt-doc noarch
- qt-demos, qt-examples (split from -doc)
- (cosmetic) re-order subpkgs in alphabetical order
- drop unused profile.d bits
* Fri Apr 24 2009 Rex Dieter  - 4.5.1-3
- enable FT_LCD_FILTER (uses freetype subpixel filters if available at runtime)
* Fri Apr 24 2009 Than Ngo  - 4.5.1-2
- apply upstream patch to fix the svg rendering regression
* Thu Apr 23 2009 Than Ngo  - 4.5.1-1
- 4.5.1
* Tue Apr 14 2009 Rex Dieter  - 4.5.0-14
- fix vrgb/vgbr corruption, disable QT_USE_FREETYPE_LCDFILTER (#490377)
* Fri Apr 10 2009 Than Ngo  - 4.5.0-13
- unneeded executable permissions for profile.d scripts
* Wed Apr  1 2009 Kevin Kofler  - 4.5.0-12
- fix inline asm in qatomic (de)ref (i386/x86_64), should fix Kolourpaint crash
* Mon Mar 30 2009 Rex Dieter  - 4.5.0-11
- qt fails to build on ia64 (#492174)
* Wed Mar 25 2009 Rex Dieter  - 4.5.0-10
- qt-copy-patches-20090325
* Tue Mar 24 2009 Than Ngo  - 4.5.0-9
- lrelease only shows warning when duplicate messages found in *.ts( #491514)
* Fri Mar 20 2009 Rex Dieter  - 4.5.0-8
- qt-copy-patches-20090319
* Thu Mar 19 2009 Rex Dieter  - 4.5.0-7
- include more phonon bits, attempt to fix/provide phonon bindings
  for qtscriptgenerator, PyQt, ...
* Tue Mar 17 2009 Than Ngo  - 4.5.0-6
- fix lupdate segfault (#486866)
* Sat Mar 14 2009 Dennis Gilmore  - 4.5.0-5
- add patch for sparc64. 
- _Atomic_word is not always an int
* Tue Mar 10 2009 Rex Dieter  - 4.5.0-4
- macros.qt4: %_qt45
- cleanup more phonon-related left-overs
* Wed Mar  4 2009 Rex Dieter  - 4.5.0-3
- -no-phonon-backend
- include qdoc3
- move designer plugins to runtime (#487622)
* Tue Mar  3 2009 Rex Dieter  - 4.5.0-2
- License: LGPLv2 with exceptions or GPLv3 with exceptions
- BR: gstreamer-devel
- drop qgtkstyle patch (no longer needed)
- -x11: move libQtScriptTools here (linked with libQtGui)
* Tue Mar  3 2009 Than Ngo  - 4.5.0-1
- 4.5.0
* Fri Feb 27 2009 Rex Dieter  - 1:4.5.0-0.8.20090224
- 20090224 snapshot
- adjust pkgconfig hackery
* Wed Feb 25 2009 Fedora Release Engineering  - 1:4.5.0-0.7.rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sun Feb 22 2009 Rex Dieter  4.5.0-0.5.rc1
- revert license, change won't land until official 4.5.0 release
- workaround broken qhostaddress.h (#485677)
- Provides: qgtkstyle = 0.1
* Fri Feb 20 2009 Rex Dieter  4.5.0-0.4.rc1
- saner versioned Obsoletes
- -gtkstyle, Obsoletes: qgtkstyle < 0.1
- enable phonon support and associated hackery
* Mon Feb 16 2009 Than Ngo  4.5.0-0.3.rc1
- fix callgrindChildExitCode is uninitialzed
* Sun Feb 15 2009 Rex Dieter  - 4.5.0-0.2.rc1
- qt-copy-patches-20090215
- License: +LGPLv2
* Wed Feb 11 2009 Than Ngo  - 4.5.0-0.rc1.0
- 4.5.0 rc1
* Thu Feb  5 2009 Rex Dieter  4.4.3-16
- track branches/qt-copy/4.4, and backout previous trunk(qt45) ones
* Mon Feb  2 2009 Than Ngo  4.4.3-15
- disable 0269,0270,0271 patches, it causes issue in systray
* Thu Jan 29 2009 Rex Dieter  - 4.4.3-14
- qt-copy-patches-20090129
* Mon Jan 26 2009 Rex Dieter  - 4.4.3-13
- Provides: qt4%{?_isa} = %version-%release
- add %_qt4 to macros.qt4
* Thu Jan 22 2009 Rex Dieter  - 4.4.3-12 
- respin (mysql)
* Fri Jan 16 2009 Kevin Kofler  - 4.4.3-11
- rebuild for new OpenSSL
* Mon Jan 12 2009 Rex Dieter  - 4.4.3-10
- drop qt-x11-opensource-src-4.3.4-no-hardcoded-font-aliases.patch (#447298),
  in favor of qt-copy's 0263-fix-fontconfig-handling.diff
* Mon Jan 12 2009 Than Ngo  - 4.4.3-9
- qt-copy-patches-20090112
* Tue Dec 30 2008 Rex Dieter  4.4.3-8
- qt-copy-patches-20081225
* Fri Dec 12 2008 Rex Dieter  4.4.3-7
- rebuild for pkgconfig deps
* Wed Nov 12 2008 Rex Dieter  4.4.3-6
- qt-copy-patches-20081112
* Tue Nov 11 2008 Than Ngo  4.4.3-5
- drop 0256-fix-recursive-backingstore-sync-crash.diff, it's
  included in qt-copy-pathes-20081110
* Mon Nov 10 2008 Rex Dieter  4.4.3-4
- qt-copy-patches-20081110
* Mon Nov 10 2008 Than Ngo  4.4.3-3
- apply 0256-fix-recursive-backingstore-sync-crash.diff
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #520435 - CVE-2009-2700 Qt: QSslCertificate incorrect verification of SSL certificate with NUL in subjectAltName
        https://bugzilla.redhat.com/show_bug.cgi?id=520435
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update qt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Linux Foundation enlists Microsoft, Google to prevent the next Heartbleed
Heartbleed prompts joint vendor effort to boost OpenSSL, security
F.B.I. Informant Is Tied to Cyberattacks Abroad
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.