| Summary: | qt4 new security issue CVE-2013-4549 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | balcaen.john, davidwhodgins, mageia, sysadmin-bugs, tmb |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/577579/ | ||
| Whiteboard: | advisory MGA3-64-OK MGA3-32-OK | ||
| Source RPM: | qt4 | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 12178 | ||
Description
David Walser
2013-12-18 19:00:31 CET

David Walser
2013-12-18 19:00:44 CET
CC: (none) => balcaen.john

David Walser
2013-12-18 20:13:27 CET
URL: (none) => http://lwn.net/Vulnerabilities/577579/

David Walser
2013-12-20 23:25:48 CET
Blocks: (none) => 11726

for the record:
https://codereview.qt-project.org/#change,71010
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html

pushed in the BS for mga3

Nicolas Lécureuil
2013-12-23 21:48:06 CET
Assignee: mageia => qa-bugs

OK, we have qt5 5.2 in Cauldron, so it's already fixed there.

Thanks Nicolas!

It looks like we have a qt5 5.0.2 packaged on Mageia 3, so that may need to be added to this.

Here's the advisory with just qt4 for now.

Advisory:

========================

Updated qt4 packages fix security vulnerability:

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service (CVE-2013-4549).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
http://www.ubuntu.com/usn/usn-2057-1/

========================

Updated packages in core/updates_testing:

========================

qt4-common-4.8.5-1.2.mga3
libqtxml4-4.8.5-1.2.mga3
libqtscripttools4-4.8.5-1.2.mga3
libqtxmlpatterns4-4.8.5-1.2.mga3
libqtsql4-4.8.5-1.2.mga3
libqtnetwork4-4.8.5-1.2.mga3
libqtscript4-4.8.5-1.2.mga3
libqtgui4-4.8.5-1.2.mga3
libqtsvg4-4.8.5-1.2.mga3
libqttest4-4.8.5-1.2.mga3
libqthelp4-4.8.5-1.2.mga3
libqtclucene4-4.8.5-1.2.mga3
libqtcore4-4.8.5-1.2.mga3
libqt3support4-4.8.5-1.2.mga3
libqtopengl4-4.8.5-1.2.mga3
libqtdesigner4-4.8.5-1.2.mga3
libqtdbus4-4.8.5-1.2.mga3
libqtmultimedia4-4.8.5-1.2.mga3
qt4-qtdbus-4.8.5-1.2.mga3
libqtdeclarative4-4.8.5-1.2.mga3
qt4-qmlviewer-4.8.5-1.2.mga3
libqt4-devel-4.8.5-1.2.mga3
qt4-devel-private-4.8.5-1.2.mga3
qt4-xmlpatterns-4.8.5-1.2.mga3
qt4-qtconfig-4.8.5-1.2.mga3
qt4-doc-4.8.5-1.2.mga3
qt4-demos-4.8.5-1.2.mga3
qt4-examples-4.8.5-1.2.mga3
qt4-linguist-4.8.5-1.2.mga3
qt4-assistant-4.8.5-1.2.mga3
qt4-database-plugin-mysql-4.8.5-1.2.mga3
qt4-database-plugin-sqlite-4.8.5-1.2.mga3
qt4-database-plugin-tds-4.8.5-1.2.mga3
qt4-database-plugin-pgsql-4.8.5-1.2.mga3
qt4-graphicssystems-plugin-4.8.5-1.2.mga3
qt4-accessibility-plugin-4.8.5-1.2.mga3
qt4-designer-4.8.5-1.2.mga3
qt4-designer-plugin-webkit-4.8.5-1.2.mga3
qt4-designer-plugin-qt3support-4.8.5-1.2.mga3
qt4-qvfb-4.8.5-1.2.mga3
qt4-qdoc3-4.8.5-1.2.mga3

from qt4-4.8.5-1.2.mga3

CC: (none) => mageia

David Walser
2013-12-24 00:00:49 CET
Blocks: 11726 => (none)

Should we wait for qt5 to be updated too, or go ahead with testing qt4, and use a new bug report for qt5?

CC: (none) => davidwhodgins

David Walser
2014-01-02 18:22:26 CET
Blocks: (none) => 12178

The version in updates, and updates testing have the same release/version numbers.

$ tree -ifa|grep qt4-demos
./release/qt4-demos-4.8.4-7.mga3.i586.rpm
./updates/qt4-demos-4.8.5-1.2.mga3.i586.rpm
./updates_testing/qt4-demos-4.8.5-1.2.mga3.i586.rpm

Whiteboard: (none) => feedback

Thanks, qt4-4.8.5-1.3.mga3.src.rpm is building now.

Whiteboard: feedback => (none)

Advisory added to svn. Waiting for local mirror to sync, before testing.

Whiteboard: (none) => advisory

No poc, so just testing that all of the packages install cleanly and kde is ok.

Testing complete on Mageia 3 i586 and x86_64.

Someone from the sysadmin team please push 12043.adv to updates.

Keywords: (none) => validated_update

Update pushed:
http://advisories.mageia.org/MGASA-2014-0009.html

Status: NEW => RESOLVED