Fedora has issued an advisory on June 9: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MMPQK37WEHT2KHWYTH4WNIAWNFKBUZ3P/ Mageia 5 is also affected (but this package is only required by lsb). Patched packages uploaded for Mageia 6 and Cauldron. Testing that it upgrades successfully is sufficient. Advisory: ======================== Updated qt3 packages fix security vulnerability: A stack overflow flaw was found in the way Qt parsed XML input with several nested opening tags. An application using Qt's QXmlSimpleReader to parse specially crafted XML input could crash (CVE-2016-10040). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10040 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MMPQK37WEHT2KHWYTH4WNIAWNFKBUZ3P/ ======================== Updated packages in core/updates_testing: ======================== libqt3-3.3.8b-42.1.mga6 qt3-common-3.3.8b-42.1.mga6 libqt3-mysql-3.3.8b-42.1.mga6 libqt3-psql-3.3.8b-42.1.mga6 libqt3-odbc-3.3.8b-42.1.mga6 libqt3-sqlite-3.3.8b-42.1.mga6 from qt3-3.3.8b-42.1.mga6.src.rpm
Version: Cauldron => 6
No packages in the repositories use the Qt3 packages and I no longer have anything that uses or can be compiled to use Qt3. Any idea on how to test these Qt3 packages?
CC: (none) => mageia
As I said in Comment 0, just test that they upgrade cleanly.
MGA6-32 on IBM Thinkpad R50e MATE No installation issues, clean install.
Whiteboard: (none) => MGA6-32-OKCC: (none) => herman.viaene
Installed without issues. System: Mageia 6, x86_64, Intel CPU. $ urpmi qt3-common lib64qt3 lib64qt3-mysql lib64qt3-odbc lib64qt3-psql lib64qt3-sqlite <SNIP NO ERRORS> $ uname -a Linux marte 4.14.44-desktop-2.mga6 #1 SMP Mon May 28 22:35:45 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | egrep 'qt3-common|lib64qt3-' | sort lib64qt3-3.3.8b-42.1.mga6 lib64qt3-mysql-3.3.8b-42.1.mga6 lib64qt3-odbc-3.3.8b-42.1.mga6 lib64qt3-psql-3.3.8b-42.1.mga6 lib64qt3-sqlite-3.3.8b-42.1.mga6 qt3-common-3.3.8b-42.1.mga6
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
(In reply to PC LX from comment #1) > No packages in the repositories use the Qt3 packages and I no longer have > anything that uses or can be compiled to use Qt3. In cauldron, bug 23166 should be fixed instead (a.k.a. kill Qt3), see bug 23166 comment 2.
(In reply to Frédéric Buclin from comment #5) > (In reply to PC LX from comment #1) > > No packages in the repositories use the Qt3 packages and I no longer have > > anything that uses or can be compiled to use Qt3. > > In cauldron, bug 19684 should be fixed instead (a.k.a. kill Qt3), see bug > 19684 comment 2.
Yes it does need to be removed from Cauldron.
Frédéric could you ensure there is a bug report for removing qt3 from Cauldron please. Validating this one.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisoried
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0284.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
(In reply to claire robinson from comment #8) > Frédéric could you ensure there is a bug report for removing qt3 from > Cauldron please. This should be done in bug 19684.