openSUSE has issued an advisory on December 23:
https://lists.opensuse.org/opensuse-updates/2018-12/msg00121.html

Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Checked for release 5.12.0 in Cauldron, this one is not affected as it is already fixed upstream.
CC: (none) => geiger.david68210
Fixed for mga6!
Advisory:
========================

Updated qtbase5 packages fix security vulnerabilities:

Double free in QXmlStreamReader (CVE-2018-15518).

Denial of Service on malformed BMP file in QBmpHandler (CVE-2018-19873).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19873
https://lists.opensuse.org/opensuse-updates/2018-12/msg00121.html
========================

Updated packages in core/updates_testing:
========================
qtbase5-common-5.9.4-1.2.mga6
qtbase5-common-devel-5.9.4-1.2.mga6
qtbase5-examples-5.9.4-1.2.mga6
qtbase5-doc-5.9.4-1.2.mga6
libqt5core5-5.9.4-1.2.mga6
libqt5core-devel-5.9.4-1.2.mga6
libqt5concurrent5-5.9.4-1.2.mga6
libqt5concurrent-devel-5.9.4-1.2.mga6
libqt5dbus5-5.9.4-1.2.mga6
libqt5dbus-devel-5.9.4-1.2.mga6
libqt5eglfsdeviceintegration5-5.9.4-1.2.mga6
libqt5eglfsdeviceintegration-devel-5.9.4-1.2.mga6
libqt5eglfskmssupport5-5.9.4-1.2.mga6
libqt5eglfskmssupport-devel-5.9.4-1.2.mga6
libqt5gui5-5.9.4-1.2.mga6
libqt5gui-devel-5.9.4-1.2.mga6
libqt5network5-5.9.4-1.2.mga6
libqt5network-devel-5.9.4-1.2.mga6
libqt5opengl5-5.9.4-1.2.mga6
libqt5opengl-devel-5.9.4-1.2.mga6
libqt5platformsupport-devel-5.9.4-1.2.mga6
libqt5printsupport5-5.9.4-1.2.mga6
libqt5printsupport-devel-5.9.4-1.2.mga6
libqt5sql5-5.9.4-1.2.mga6
libqt5sql-devel-5.9.4-1.2.mga6
libqt5test5-5.9.4-1.2.mga6
libqt5test-devel-5.9.4-1.2.mga6
libqt5widgets5-5.9.4-1.2.mga6
libqt5widgets-devel-5.9.4-1.2.mga6
libqt5xcbqpa5-5.9.4-1.2.mga6
libqt5xcbqpa-devel-5.9.4-1.2.mga6
libqt5xml5-5.9.4-1.2.mga6
libqt5xml-devel-5.9.4-1.2.mga6
libqt5base5-devel-5.9.4-1.2.mga6
libqt5accessibilitysupport-static-devel-5.9.4-1.2.mga6
libqt5linuxaccessibilitysupport-static-devel-5.9.4-1.2.mga6
libqt5bootstrap-static-devel-5.9.4-1.2.mga6
libqt5devicediscoverysupport-static-devel-5.9.4-1.2.mga6
libqt5eglsupport-static-devel-5.9.4-1.2.mga6
libqt5eventdispatchersupport-static-devel-5.9.4-1.2.mga6
libqt5fbsupport-static-devel-5.9.4-1.2.mga6
libqt5fontdatabasesupport-static-devel-5.9.4-1.2.mga6
libqt5glxsupport-static-devel-5.9.4-1.2.mga6
libqt5inputsupport-static-devel-5.9.4-1.2.mga6
libqt5kmssupport-static-devel-5.9.4-1.2.mga6
libqt5platformcompositorsupport-static-devel-5.9.4-1.2.mga6
libqt5servicesupport-static-devel-5.9.4-1.2.mga6
libqt5themesupport-static-devel-5.9.4-1.2.mga6
libqt5-database-plugin-odbc-5.9.4-1.2.mga6
libqt5-database-plugin-mysql-5.9.4-1.2.mga6
libqt5-database-plugin-sqlite-5.9.4-1.2.mga6
libqt5-database-plugin-tds-5.9.4-1.2.mga6
libqt5-database-plugin-pgsql-5.9.4-1.2.mga6

from qtbase5-5.9.4-1.2.mga6.src.rpm
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Assignee: kde => qa-bugs
Preparing to test Mageia 6 64-bit

The following 18 packages are going to be installed:

- lib64qt5-database-plugin-mysql-5.9.4-1.2.mga6.x86_64
- lib64qt5-database-plugin-sqlite-5.9.4-1.2.mga6.x86_64
- lib64qt5concurrent5-5.9.4-1.2.mga6.x86_64
- lib64qt5core5-5.9.4-1.2.mga6.x86_64
- lib64qt5dbus5-5.9.4-1.2.mga6.x86_64
- lib64qt5eglfsdeviceintegration5-5.9.4-1.2.mga6.x86_64
- lib64qt5eglfskmssupport5-5.9.4-1.2.mga6.x86_64
- lib64qt5gui5-5.9.4-1.2.mga6.x86_64
- lib64qt5network5-5.9.4-1.2.mga6.x86_64
- lib64qt5opengl5-5.9.4-1.2.mga6.x86_64
- lib64qt5printsupport5-5.9.4-1.2.mga6.x86_64
- lib64qt5sql5-5.9.4-1.2.mga6.x86_64
- lib64qt5test5-5.9.4-1.2.mga6.x86_64
- lib64qt5widgets5-5.9.4-1.2.mga6.x86_64
- lib64qt5xcbqpa5-5.9.4-1.2.mga6.x86_64
- lib64qt5xml5-5.9.4-1.2.mga6.x86_64
- qtbase5-common-5.9.4-1.2.mga6.x86_64
- qtbase5-examples-5.9.4-1.2.mga6.x86_64

which is what I happen to have. Afterwards, I shall use Plasma, only reporting -ve feedback, until this bug is OK'd generally.
This is the sort of update that the QA Repo tool was made for. Using "*5.9.4*" in the rpm field, the tool was able to pick out just the packages to be tested.

Testing on real hardware, 64-bit Plasma Mageia 6 with Athlon X2 and nvidia340 graphics, and 32-bit Plasma Mageia 6 on Intel i3 with Intel graphics. These packages are so integral to the function of Plasma that I think testing both arches is a good idea.

Packages updated include the same packages as Lewis listed in Comment 4, except for qtbase5-examples, which was not installed on my systems. Packages installed cleanly on both systems.

After a reboot (which shouldn't have been needed but I did it anyway), I tried this and that, with no issues noted. I do not have all QT applications installed, so of course I can't test them all. However, it appears that Plasma's basic functioning is unimpaired.

Giving this a tentative OK on both arches. If this test is insufficient, please advise. If no problems arise, I will validate in a day or two.
Whiteboard: (none) => MGA6-32-OK MGA6-64-OK
CC: (none) => andrewsfarm
(In reply to Thomas Andrews from comment #5)
> Giving this a tentative OK on both arches. If this test is insufficient,
> please advise. If no problems arise, I will validate in a day or two.

I have had no problems running this update. Leave validation to you when you see fit.

Advisory done from comment 3.
Keywords: (none) => advisory
CC: (none) => lewyssmith
No problems here, either. Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2019-0025.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED