Fedora has issued an advisory on June 9:
Mageia 5 is also affected (but this package is only required by lsb).
Patched packages uploaded for Mageia 6 and Cauldron.
Testing that it upgrades successfully is sufficient.
Updated qt3 packages fix security vulnerability:
A stack overflow flaw was found in the way Qt parsed XML input with several
nested opening tags. An application using Qt's QXmlSimpleReader to parse
specially crafted XML input could crash (CVE-2016-10040).
Updated packages in core/updates_testing:
No packages in the repositories use the Qt3 packages and I no longer have anything that uses or can be compiled to use Qt3.
Any idea on how to test these Qt3 packages?
As I said in Comment 0, just test that they upgrade cleanly.
MGA6-32 on IBM Thinkpad R50e MATE
No installation issues, clean install.
Installed without issues.
System: Mageia 6, x86_64, Intel CPU.
$ urpmi qt3-common lib64qt3 lib64qt3-mysql lib64qt3-odbc lib64qt3-psql lib64qt3-sqlite
<SNIP NO ERRORS>
$ uname -a
Linux marte 4.14.44-desktop-2.mga6 #1 SMP Mon May 28 22:35:45 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | egrep 'qt3-common|lib64qt3-' | sort
(In reply to PC LX from comment #1)
> No packages in the repositories use the Qt3 packages and I no longer have
> anything that uses or can be compiled to use Qt3.
In cauldron, bug 23166 should be fixed instead (a.k.a. kill Qt3), see bug 23166 comment 2.
(In reply to Frédéric Buclin from comment #5)
> (In reply to PC LX from comment #1)
> > No packages in the repositories use the Qt3 packages and I no longer have
> > anything that uses or can be compiled to use Qt3.
> In cauldron, bug 19684 should be fixed instead (a.k.a. kill Qt3), see bug
> 19684 comment 2.
Yes it does need to be removed from Cauldron.
Frédéric could you ensure there is a bug report for removing qt3 from Cauldron please.
Validating this one.
An update for this issue has been pushed to the Mageia Updates repository.
(In reply to claire robinson from comment #8)
> Frédéric could you ensure there is a bug report for removing qt3 from
> Cauldron please.
This should be done in bug 19684.