Fedora has issued an advisory on August 16:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/

The issue is fixed in Qt5 upstream in 5.12.9 and 5.15.1 and can be patched in Qt4.

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
So first done for qtbase5 on Cauldron and mga7!
CC: (none) => geiger.david68210
And now done for qt4 on Cauldron and mga7!
Advisory:
========================

Updated qt4 and qtbase5 packages fix security vulnerability:

The read_xbm_body function in gui/image/qxbmhandler.cpp has a buffer over-read (CVE-2020-17507).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
========================

Updated packages in core/updates_testing:
========================
qt4-common-4.8.7-26.2.mga7
libqtxml4-4.8.7-26.2.mga7
libqtscripttools4-4.8.7-26.2.mga7
libqtxmlpatterns4-4.8.7-26.2.mga7
libqtsql4-4.8.7-26.2.mga7
libqtnetwork4-4.8.7-26.2.mga7
libqtscript4-4.8.7-26.2.mga7
libqtgui4-4.8.7-26.2.mga7
libqtsvg4-4.8.7-26.2.mga7
libqttest4-4.8.7-26.2.mga7
libqthelp4-4.8.7-26.2.mga7
libqtclucene4-4.8.7-26.2.mga7
libqtcore4-4.8.7-26.2.mga7
libqt3support4-4.8.7-26.2.mga7
libqtopengl4-4.8.7-26.2.mga7
libqtdesigner4-4.8.7-26.2.mga7
libqtdbus4-4.8.7-26.2.mga7
libqtmultimedia4-4.8.7-26.2.mga7
qt4-qtdbus-4.8.7-26.2.mga7
libqtdeclarative4-4.8.7-26.2.mga7
qt4-qmlviewer-4.8.7-26.2.mga7
libqt4-devel-4.8.7-26.2.mga7
qt4-devel-private-4.8.7-26.2.mga7
qt4-xmlpatterns-4.8.7-26.2.mga7
qt4-qtconfig-4.8.7-26.2.mga7
qt4-doc-4.8.7-26.2.mga7
qt4-demos-4.8.7-26.2.mga7
qt4-examples-4.8.7-26.2.mga7
qt4-linguist-4.8.7-26.2.mga7
qt4-assistant-4.8.7-26.2.mga7
libqt4-database-plugin-mysql-4.8.7-26.2.mga7
libqt4-database-plugin-sqlite-4.8.7-26.2.mga7
libqt4-database-plugin-tds-4.8.7-26.2.mga7
libqt4-database-plugin-pgsql-4.8.7-26.2.mga7
qt4-graphicssystems-plugin-4.8.7-26.2.mga7
qt4-accessibility-plugin-4.8.7-26.2.mga7
qt4-designer-4.8.7-26.2.mga7
qt4-designer-plugin-webkit-4.8.7-26.2.mga7
qt4-designer-plugin-qt3support-4.8.7-26.2.mga7
qt4-qvfb-4.8.7-26.2.mga7
qt4-qdoc3-4.8.7-26.2.mga7
qtbase5-common-5.12.6-4.mga7
qtbase5-common-devel-5.12.6-4.mga7
qtbase5-examples-5.12.6-4.mga7
qtbase5-doc-5.12.6-4.mga7
libqt5core5-5.12.6-4.mga7
libqt5core-devel-5.12.6-4.mga7
libqt5concurrent5-5.12.6-4.mga7
libqt5concurrent-devel-5.12.6-4.mga7
libqt5dbus5-5.12.6-4.mga7
libqt5dbus-devel-5.12.6-4.mga7
libqt5eglfsdeviceintegration5-5.12.6-4.mga7
libqt5eglfsdeviceintegration-devel-5.12.6-4.mga7
libqt5eglfskmssupport5-5.12.6-4.mga7
libqt5eglfskmssupport-devel-5.12.6-4.mga7
libqt5gui5-5.12.6-4.mga7
libqt5gui-devel-5.12.6-4.mga7
libqt5network5-5.12.6-4.mga7
libqt5network-devel-5.12.6-4.mga7
libqt5opengl5-5.12.6-4.mga7
libqt5opengl-devel-5.12.6-4.mga7
libqt5platformsupport-devel-5.12.6-4.mga7
libqt5printsupport5-5.12.6-4.mga7
libqt5printsupport-devel-5.12.6-4.mga7
libqt5sql5-5.12.6-4.mga7
libqt5sql-devel-5.12.6-4.mga7
libqt5test5-5.12.6-4.mga7
libqt5test-devel-5.12.6-4.mga7
libqt5widgets5-5.12.6-4.mga7
libqt5widgets-devel-5.12.6-4.mga7
libqt5xcbqpa5-5.12.6-4.mga7
libqt5xcbqpa-devel-5.12.6-4.mga7
libqt5xml5-5.12.6-4.mga7
libqt5xml-devel-5.12.6-4.mga7
libqt5base5-devel-5.12.6-4.mga7
libqt5accessibilitysupport-static-devel-5.12.6-4.mga7
libqt5linuxaccessibilitysupport-static-devel-5.12.6-4.mga7
libqt5bootstrap-static-devel-5.12.6-4.mga7
libqt5devicediscoverysupport-static-devel-5.12.6-4.mga7
libqt5eglsupport-static-devel-5.12.6-4.mga7
libqt5eventdispatchersupport-static-devel-5.12.6-4.mga7
libqt5fbsupport-static-devel-5.12.6-4.mga7
libqt5fontdatabasesupport-static-devel-5.12.6-4.mga7
libqt5glxsupport-static-devel-5.12.6-4.mga7
libqt5inputsupport-static-devel-5.12.6-4.mga7
libqt5kmssupport-static-devel-5.12.6-4.mga7
libqt5platformcompositorsupport-static-devel-5.12.6-4.mga7
libqt5servicesupport-static-devel-5.12.6-4.mga7
libqt5edid-devel-5.12.6-4.mga7
libqt5themesupport-static-devel-5.12.6-4.mga7
libqt5-database-plugin-odbc-5.12.6-4.mga7
libqt5-database-plugin-mysql-5.12.6-4.mga7
libqt5-database-plugin-sqlite-5.12.6-4.mga7
libqt5-database-plugin-tds-5.12.6-4.mga7
libqt5-database-plugin-ibase-5.12.6-4.mga7
libqt5-database-plugin-pgsql-5.12.6-4.mga7

from SRPMS:
qt4-4.8.7-26.2.mga7.src.rpm
qtbase5-5.12.6-4.mga7.src.rpm
Assignee: kde => qa-bugs
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
Works well on Mageia 7, Plasma 5.15, x86_64 with nvidia nonfree drivers
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0347.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED