https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3193
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3194
I'll add also on it https://qt.gitorious.org/qt/qt/commit/31f7ecbdcdbafbac5bbfa693e4d060757244941b
CC: (none) => balcaen.john
I'll update Qt 4.7.3 to Qt 4.7.4 since in fact it's only a bugfix release including CVE-2011-3193 (it's not written in the changelog but the code is there), CVE-2011-3194 is added via a patch.

Here is the list of bugs fixed:

QtGui
-----
 - [QTBUG-20214] QRentBook: LSK and RSK of booking page will change somethimes
 - [QTBUG-19656] Spectrum: the Mode menu disappears after the device is changed from portrait to landscape.
 - [QTBUG-19260] Cursor cannot be placed between letters f and i - "fi" is interpreted as one character
 - [QTBUG-19157] Crash in QGLContextPrivate::bindTexture() when using QPainter::fillRect() with a brush having a size > max_texture_size
 - [QTBUG-19089] TextInput positionToRectangle doesn't return correct coordinates for the cursor in pre-edit mode
 - [QTBUG-19067] Font glyphs get clipped on the top
 - [QTBUG-18500] QTextBlock crash
 - [QTBUG-18303] Arabic multiline text is clipped on the right
 - [QTBUG-18185] QStaticText: Wrong kerning and baselines when rotating a QGraphicsView
 - [QTBUG-17443] Feedreadercrash: when opening feed with unicode characters
 - [QTBUG-17244] QGraphicsLayout Layouting should be done in one go. Ugly layouting visible otherwise
 - [QTBUG-17209] Bug-231 introduces an off-by-one error
 - [QTBUG-17117] Arabic reordering problem when 2 fonts are used
 - [QTBUG-11131] QAbstractScrollArea::setViewport() causes crash when used from within event handler method
 - [QTBUG-16422] Big coordinate values cause segfault on ARM when calling QGraphicsEllipseItem::contains
 - [QTBUG-18017] Regression: Text selection with shift-click stopped working
 - [QTBUG-18192] Crash when invoking blockBoundingRect over a QTextDocument documentLayout
 - [QTBUG-17505] Inflexible focus handling in QGraphicsScene
 - [QTBUG-17020] QPainter::drawText() fails to draw correct text in some circumstances. Related to QTBUG-12950
 - [QTBUG-16401] QGraphicsScene returns focus incorrectly when QGraphicsView is focused
 - [QTBUG-17812] regression: qsortfilterproxymodel::reset doesn't invalidate the model (Windows)
 - [QTBUG-17230] QPlainTextEdit corruption/crash after scrolling
 - [QTBUG-17536] qguistatemachine::cloneEvent doesn't clone GraphicsSceneWheel Events correctly
 - [QTBUG-17254] XPM files crash QImage (write)
 - [QTBUG-16292] QTreeView crash in indexRowSizeHint/itemHeight
 - [QTBUG-17390] Child widgets don't inherit their parent's input contexts
 - [QTBUG-15910] setstylesheet on a QComboBox causes a segmentation fault
 - [QTBUG-16652] Compilation of "4.7" branch fails: private/qdrawhelper_arm_simd_p.h: No such file or directory
 - [QTBUG-16175] REG: Qt 4.7/Linux Qt Designer / Qt Creator show multiple warnings: "Application asked to unregister timer 0x17000002 which is not registered in this thread. Fix application."

QtNetwork
---------
 - [QTBUG-17464] SIGBUS in fetchAndAddOrdered from QlcdEngine::connectionStateSignalsSlot
 - [QTBUG-16022] QHttpNetworkConnectionChannel::expand discards data if gzip-stream has missing end-of-stream marker
 - [QTBUG-17199] ICD Bearer management: Causes the main thread to hang when ran on a different thread.

QtCore
------
 - [QTBUG-15421] QDirIterator returns hidden directories when it should only return files and returns hidden files when it should only return directories

QtScript
--------
 - [QTBUG-17815] Missing APIShims in obsoleted QScriptValue constructor
 - [QTBUG-17788] Crash when calling collectGarbage() after requesting arguments object of native context

QtDBus
------
 - [QTBUG-14228] Ensure Qt 4.7 doesn't crash when a D-Bus message with file descriptors is received

QtSql
-----
 - [QTBUG-14831] Dynamic sorting of a QSortFilterProxyModel on a QSqlTableModel with OnManualSubmit is broken (4.7 regression)

Declarative
-----------
 - [QTBUG-20159] No effect of setting color on a QStaticText or a QML element
 - [QTBUG-18428] Colored and underlined styled text are not underlined or completely coloured on device
 - [QTBUG-18362] wigglytext.qml does not behave correctly in qmlscene
 - [QTBUG-18266] More than one XmlListModel - Lists randomly show data from wrong model
 - [QTBUG-15983] Cannot pass enum value as signal parameter from C++ to QML
 - [QTBUG-14974] ListView and GridView + contentY performance
 - [QTBUG-18412] Crash in sendPostedEvents() - QObject::isWidgetType() (issue with QDeclarativePixmapReply)
 - [QTBUG-15356] PathView doesn't update if preferredHighlightBegin and preferredHighlightEnd changed
 - [QTBUG-17562] TextInput text in echo mode PasswordEchoOnEdit revealed on refocus
 - [QTBUG-17775] Crash when using FolderListModel with a repeater
 - [QTBUG-17361] Nested pressDelays crashes application
 - [QTBUG-15705] QDeclarativeTextInput::mousePressEvent() doesn't call QInputContext::mouseHandler()
 - [QTBUG-17501] Focus: Tap any of the Rounded-cornered rectangle, the context menu doesn't disappear.
 - [QTBUG-17008] ListView + XmlListModel freeze application when change language key combination
 - [QTBUG-17324] incorrect 'version is not installed' error when importing QML module
 - [QTBUG-16999] QML TextInput doesn't scroll if writing preedit at the end of the line
 - [QTBUG-13451] Support property versioning in QML
 - [QTBUG-16959] Crash when using Grid.TopToBottom flow with Repeater inside Grid
 - [QTBUG-16522] QML ListView Should Support Dynamic Headers and Footers
 - [QTBUG-17114] QtQuick 1.1 alignment regression
 - [QTBUG-16283] TextEdit and TextInput need text selection modes
 - [QTBUG-16284] Disable drag and drop in TextEdit and TextInput
 - [QTBUG-19914] Segfault in QDeclarativeBinding::createBinding triggered by QMultimediaKit

OpenVG
------
 - [QTBUG-18682] QImage convertToFormat does not work with certain image formats when default (OpenVG) rendering engine used.

OpenGL
------
 - [QTBUG-14217] Unresolved symbol QGLWindowSurface::staticMetaObject when building for Windows Mobile 5.0 with OpenGL ES 1.1 support
 - [QTBUG-18184] mingw gcc 4 static build failed in tools/qml because of the symbol export in libQtOpenGL
 - [QTBUG-17256] Change QGLPixmapData load functions to use the 'convertInPlace' versions of QImage to save memory

3rdParty
--------
 - Image formats
    * [QTBUG-20425] Update bundled libpng to 1.5.4 (security)

Tools
----------
 - [QTBUG-18595] Enable remote debugging for qmlviewer
 - [QTBUG-18063] qdoc3 depends on private header files from QML
 - [QTBUG-16462] qdoc3 segfaults due to a uninitialized member variable when using the WebXML output.
Hello QA, could you please test this update

SRPM :
qt4-4.7.4-1.2.mga1.src.rpm

list of x86_64 packages :
lib64qt3support4-4.7.4-1.2.mga1.x86_64.rpm
lib64qt4-devel-4.7.4-1.2.mga1.x86_64.rpm
lib64qtclucene4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtcore4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtdbus4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtdeclarative4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtdesigner4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtgui4-4.7.4-1.2.mga1.x86_64.rpm
lib64qthelp4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtmultimedia4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtnetwork4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtopengl4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtscript4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtscripttools4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtsql4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtsvg4-4.7.4-1.2.mga1.x86_64.rpm
lib64qttest4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtwebkit4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtxml4-4.7.4-1.2.mga1.x86_64.rpm
lib64qtxmlpatterns4-4.7.4-1.2.mga1.x86_64.rpm
qt4-accessibility-plugin-4.7.4-1.2.mga1.x86_64.rpm
qt4-assistant-4.7.4-1.2.mga1.x86_64.rpm
qt4-common-4.7.4-1.2.mga1.x86_64.rpm
qt4-database-plugin-mysql-4.7.4-1.2.mga1.x86_64.rpm
qt4-database-plugin-pgsql-4.7.4-1.2.mga1.x86_64.rpm
qt4-database-plugin-sqlite-4.7.4-1.2.mga1.x86_64.rpm
qt4-database-plugin-tds-4.7.4-1.2.mga1.x86_64.rpm
qt4-demos-4.7.4-1.2.mga1.x86_64.rpm
qt4-designer-4.7.4-1.2.mga1.x86_64.rpm
qt4-designer-plugin-qt3support-4.7.4-1.2.mga1.x86_64.rpm
qt4-designer-plugin-webkit-4.7.4-1.2.mga1.x86_64.rpm
qt4-doc-4.7.4-1.2.mga1.noarch.rpm
qt4-examples-4.7.4-1.2.mga1.x86_64.rpm
qt4-graphicssystems-plugin-4.7.4-1.2.mga1.x86_64.rpm
qt4-linguist-4.7.4-1.2.mga1.x86_64.rpm
qt4-qdoc3-4.7.4-1.2.mga1.x86_64.rpm
qt4-qmlviewer-4.7.4-1.2.mga1.x86_64.rpm
qt4-qtconfig-4.7.4-1.2.mga1.x86_64.rpm
qt4-qtdbus-4.7.4-1.2.mga1.x86_64.rpm
qt4-qvfb-4.7.4-1.2.mga1.x86_64.rpm
qt4-xmlpatterns-4.7.4-1.2.mga1.x86_64.rpm

list of i586 packages :
libqt3support4-4.7.4-1.2.mga1.i586.rpm
libqt4-devel-4.7.4-1.2.mga1.i586.rpm
libqtclucene4-4.7.4-1.2.mga1.i586.rpm
libqtcore4-4.7.4-1.2.mga1.i586.rpm
libqtdbus4-4.7.4-1.2.mga1.i586.rpm
libqtdeclarative4-4.7.4-1.2.mga1.i586.rpm
libqtdesigner4-4.7.4-1.2.mga1.i586.rpm
libqtgui4-4.7.4-1.2.mga1.i586.rpm
libqthelp4-4.7.4-1.2.mga1.i586.rpm
libqtmultimedia4-4.7.4-1.2.mga1.i586.rpm
libqtnetwork4-4.7.4-1.2.mga1.i586.rpm
libqtopengl4-4.7.4-1.2.mga1.i586.rpm
libqtscript4-4.7.4-1.2.mga1.i586.rpm
libqtscripttools4-4.7.4-1.2.mga1.i586.rpm
libqtsql4-4.7.4-1.2.mga1.i586.rpm
libqtsvg4-4.7.4-1.2.mga1.i586.rpm
libqttest4-4.7.4-1.2.mga1.i586.rpm
libqtwebkit4-4.7.4-1.2.mga1.i586.rpm
libqtxml4-4.7.4-1.2.mga1.i586.rpm
libqtxmlpatterns4-4.7.4-1.2.mga1.i586.rpm
qt4-accessibility-plugin-4.7.4-1.2.mga1.i586.rpm
qt4-assistant-4.7.4-1.2.mga1.i586.rpm
qt4-common-4.7.4-1.2.mga1.i586.rpm
qt4-database-plugin-mysql-4.7.4-1.2.mga1.i586.rpm
qt4-database-plugin-pgsql-4.7.4-1.2.mga1.i586.rpm
qt4-database-plugin-sqlite-4.7.4-1.2.mga1.i586.rpm
qt4-database-plugin-tds-4.7.4-1.2.mga1.i586.rpm
qt4-demos-4.7.4-1.2.mga1.i586.rpm
qt4-designer-4.7.4-1.2.mga1.i586.rpm
qt4-designer-plugin-qt3support-4.7.4-1.2.mga1.i586.rpm
qt4-designer-plugin-webkit-4.7.4-1.2.mga1.i586.rpm
qt4-doc-4.7.4-1.2.mga1.noarch.rpm
qt4-examples-4.7.4-1.2.mga1.i586.rpm
qt4-graphicssystems-plugin-4.7.4-1.2.mga1.i586.rpm
qt4-linguist-4.7.4-1.2.mga1.i586.rpm
qt4-qdoc3-4.7.4-1.2.mga1.i586.rpm
qt4-qmlviewer-4.7.4-1.2.mga1.i586.rpm
qt4-qtconfig-4.7.4-1.2.mga1.i586.rpm
qt4-qtdbus-4.7.4-1.2.mga1.i586.rpm
qt4-qvfb-4.7.4-1.2.mga1.i586.rpm
qt4-xmlpatterns-4.7.4-1.2.mga1.i586.rpm
Assignee: balcaen.john => qa-bugs
Source RPM: qt => qt4-4.7.3-1.mga1.src.rpm
Advisory: « This package provides the last stable version of Qt4 which is a bugfix release (changelog is available on http://qt.gitorious.org/+qt-developers/qt/releases/blobs/v4.7.4/dist/changes-4.7.4). This package also provides an additional fix for CVE-2011-3194 (Qt buffer overflow in greyscale images). »
There don't appear to be any exploits available to check the CVE with but libpng has been updated with this package so we should check for regressions in various packages with png images. Installed x86_64 but no testing done yet.
I've run these through the depcheck script and it doesn't appear there is any requirement for linking with this update.
(In reply to comment #5)
> There don't appear to be any exploits available to check the CVE with but
> libpng has been updated with this package so we should check for regressions in
> various packages with png images.

Well we're not using the internal png here, but the system png, I just copied & pasted the list of bug fixes.
Using "urpmi -a --fuzzy --media "Core Updates Testing (distrib5)" qt4" I get ... A requested package cannot be installed: qt4-database-plugin-tds-4.7.4-1.2.mga1.i586 (due to unsatisfied libsybdb.so.5) That file comes from libfreetds0, so that package will be required as a link for bug 2317. On i586, I've run /usr/lib/qt4/bin/* (one at a time), and all programs are at least runnable, and those that are gui based, are all working. I consider testing on i586 complete for this update.
CC: (none) => davidwhodgins
Yes that's right. When you use --media it restricts urpmi to the media, so anything not in that specific media will not be found. If it is a new dependency specifically in release media, not already in the previous version, then it will need a link to updates. Otherwise it will update OK.
In this case the link is not needed. See on sophie.. http://sophie.zarb.org/distrib/Mageia/1/i586/media/core-release/by-pkgid/f97450b33dc90a1854b6cac58e44d0a8/deps This dep is already required by the package from core/release, it's not a new dep being added by the new version in testing.
Tested ok x86_64
Could someone from the sysadmin team push the srpm qt4-4.7.4-1.2.mga1.src.rpm from Core Updates Testing to Core Updates.

Advisory: This security update for qt4 fixes
CVE-2011-3193 buffer overflow in harfbuzz module in qt4
CVE-2011-3194 buffer overflow in greyscale images in qt4
plus several qt4 bug fixes.

https://bugs.mageia.org/show_bug.cgi?id=2925
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
update pushed.
Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED