[Development] [Announce] Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling
Thiago Macieira
thiago.macieira at intel.com
Wed Apr 22 03:04:43 CEST 2015
On Wednesday 22 April 2015 02:14:47 Kevin Kofler wrote:
> > CVE-2015-1860 GIF vulnerability
>
> Qt 3 appears to be VULNERABLE to this issue. I backported the fix from Qt 4:
> http://pkgs.fedoraproject.org/cgit/qt3.git/plain/qt-x11-free-3.3.8b-CVE-201
> 5-1860.patch
>
> Please note that Qt 3 is NOT supported by the Qt Project anymore. The above
> backported patch (CVE-2015-1860) and statements of non-vulnerability
> (CVE-2015-1858/1859) are user-contributed (by me, a volunteer Fedora
> packager) on a purely as-is basis.
>
> I hope this helps,
> Kevin Kofler
Thanks Kevin, the patch is useful.
Richard, can you relay Kevin's patch to the distro security announcements too?
They may find it useful.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Development
mailing list