Updated qt4 and qtbase5 packages fix security vulnerability
Publication date: 29 May 2014Modification date: 29 May 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-0190
Description
A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui.
If an application using the qt-x11 libraries opened a malicious GIF file with
invalid width and height values, it could cause the application to crash
(CVE-2014-0190).
Qt4 has been patched to correct this flaw and has been updated to version
4.8.6, which fixes several other bugs.
Qtbase5 has also been patched to correct this flaw.
References
- https://bugs.mageia.org/show_bug.cgi?id=13276
- http://lists.qt-project.org/pipermail/announce/2014-April/000045.html
- http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
- https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html
- https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132648.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0190
SRPMS
4/core
- qt4-4.8.6-1.mga4
- qtbase5-5.2.0-2.3.mga4