All Ubuntu package versions


AllTrustySaucyRaringPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "qt4-x11"

Name: qt4-x11

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Qt 4 Phonon library development files
  • Qt 4 Phonon module
  • Qt 4 assistant module
  • transitional package for Qt 4 core non-GUI runtime libraries

Latest version: 4:4.6.2-0ubuntu5.6
Release: lucid (10.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "qt4-x11": http://www.ubuntuupdates.org/qt4-x11

All versions of this package Bug fixes
List of files in package Repository home page for package

Other versions of "qt4-x11" in Lucid

RepositoryAreaVersion
base main 4:4.6.2-0ubuntu5
base universe 4:4.6.2-0ubuntu5
security main 4:4.6.2-0ubuntu5.6
security universe 4:4.6.2-0ubuntu5.6
updates universe 4:4.6.2-0ubuntu5.6
PPA: Kubuntu Updates 4:4.6.3-0ubuntu1

Packages in group

Deleted packages are displayed in grey.

libphonon-dev libphonon4 libqt4-assistant libqt4-core libqt4-dbg
libqt4-dbus libqt4-designer libqt4-dev libqt4-gui libqt4-help
libqt4-multimedia libqt4-network libqt4-opengl libqt4-opengl-dev libqt4-phonon
libqt4-phonon-dev libqt4-qt3support libqt4-script libqt4-scripttools libqt4-sql
libqt4-sql-mysql libqt4-sql-odbc libqt4-sql-psql libqt4-sql-sqlite libqt4-sql-sqlite2
libqt4-sql-tds libqt4-svg libqt4-test libqt4-webkit libqt4-webkit-dbg
libqt4-xml libqt4-xmlpatterns libqt4-xmlpatterns-dbg libqtcore4 libqtgui4
phonon phonon-dbg qt4-demos qt4-demos-dbg qt4-designer
qt4-dev-tools qt4-doc qt4-doc-html qt4-qmake qt4-qtconfig

Change Log

Version: 4:4.6.2-0ubuntu5.6 2013-02-14 23:07:15 UTC

  qt4-x11 (4:4.6.2-0ubuntu5.6) lucid-security; urgency=low

  * SECURITY UPDATE: incorrect errors with certificate verification
    - debian/patches/CVE-2012-6093.patch: use openssl access functions to
      properly handle layout changes in
      src/network/ssl/qsslsocket_openssl.cpp,
      src/network/ssl/qsslsocket_openssl_symbols.cpp,
      src/network/ssl/qsslsocket_openssl_symbols_p.h.
    - CVE-2012-6093
  * SECURITY UPDATE: shared memory segments incorrect permissions
    - debian/patches/CVE-2013-0254.patch: set appropriate permissions in
      src/corelib/kernel/qsharedmemory_unix.cpp,
      src/corelib/kernel/qsystemsemaphore_unix.cpp,
      src/gui/image/qnativeimage.cpp,
      src/gui/image/qpixmap_x11.cpp,
      tools/qvfb/qvfbshmem.cpp.
    - CVE-2013-0254
 -- Marc Deslauriers <email address hidden> Wed, 06 Feb 2013 08:41:09 -0500

Source diff to previous version
CVE-2012-6093 QSslSocket may report incorrect errors when certificate verification fails
CVE-2013-0254 The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable

Version: 4:4.6.2-0ubuntu5.5 2012-11-09 00:07:27 UTC

  qt4-x11 (4:4.6.2-0ubuntu5.5) lucid-security; urgency=low

  * SECURITY UPDATE: fix for SSL compression "CRIME" attack
    - debian/patches/CVE-2012-4929.patch: Disable SSL compression by default
    - CVE-2012-4929
    - LP: #1057578
 -- Seth Arnold <email address hidden> Mon, 22 Oct 2012 10:44:46 -0700

Source diff to previous version
1057578 Vulnerable against \
CVE-2012-4929 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfusca

Version: 4:4.6.2-0ubuntu5.4 2012-07-12 00:06:46 UTC

  qt4-x11 (4:4.6.2-0ubuntu5.4) lucid-security; urgency=low

  * SECURITY: fix for wildcard domains and IP addresses
    - debian/patches/CVE-2010-5076.patch: adjust certificate verification to
      properly validate hostnames and IP addresses
    - CVE-2010-5076
  * SECURITY UPDATE: fix buffer overflow in HarfBuzz
    - debian/patches/CVE-2011-3193.patch: adjust Lookup_MarkMarkPos() in
      harfbuzz-gpos.c to properly perform input validation when processing
      certain fonts
    - CVE-2011-3193
  * SECURITY UPDATE: fix potential buffer overflow and crash in TIFF reader
    - debian/patches/CVE-2011-3194.patch: adjust QTiffHandler::read() to
      properly calculate the bits per pixel for greyscale TIFF images
    - CVE-2011-3194
 -- Jamie Strandboge <email address hidden> Mon, 09 Jul 2012 16:01:14 -0500

Source diff to previous version
CVE-2010-5076 QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-i
CVE-2011-3193 Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows r
CVE-2011-3194 Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly

Version: 4:4.6.2-0ubuntu5.3 2011-09-22 21:02:30 UTC

qt4-x11 (4:4.6.2-0ubuntu5.3) lucid-security; urgency=low

  * SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
    Fraudulent certificates were mis-issued that could allow an attacker to
    monitor secure communication through a man-in-the-middle (MITM) attack
    - add debian/patches/kubuntu_31_blacklist_ssl_certificates_part2.diff
    - LP: #837557

 -- Micah Gersten Fri, 09 Sep 2011 18:36:48 -0500

Source diff to previous version
837557 Fraudulent *.google.com Certificate

Version: 4:4.6.2-0ubuntu5.2 2011-04-01 09:03:52 UTC

qt4-x11 (4:4.6.2-0ubuntu5.2) lucid-security; urgency=low

  * SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
    - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
      lists and blocks known bad certificates
    - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
    - http://bugreports.qt.nokia.com/browse/QTBUG-18338
    - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

 -- Jonathan Riddell Sun, 27 Mar 2011 23:55:30 -0500

742377 blacklist fake Comodo SSL certificates



About   -   Changelog   -   Send Feedback