Package "qt4-x11"
| Name: |
qt4-x11
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- Qt 4 Phonon library development files
- Qt 4 Phonon module
- Qt 4 assistant module
- transitional package for Qt 4 core non-GUI runtime libraries
|
| Latest version: |
4:4.6.2-0ubuntu5.6 |
| Release: |
lucid (10.04) |
| Level: |
updates |
| Repository: |
main |
| Homepage: |
http://www.qtsoftware.com |
Links
Save this URL for the latest version of "qt4-x11":
http://www.ubuntuupdates.org/qt4-x11
Other versions of "qt4-x11" in Lucid
Packages in group
Deleted packages are displayed in grey.
Change Log
| Version: 4:4.6.2-0ubuntu5.6
|
2013-02-14 23:07:15 UTC
|
|
qt4-x11 (4:4.6.2-0ubuntu5.6) lucid-security; urgency=low
* SECURITY UPDATE: incorrect errors with certificate verification
- debian/patches/CVE-2012-6093.patch: use openssl access functions to
properly handle layout changes in
src/network/ssl/qsslsocket_openssl.cpp,
src/network/ssl/qsslsocket_openssl_symbols.cpp,
src/network/ssl/qsslsocket_openssl_symbols_p.h.
- CVE-2012-6093
* SECURITY UPDATE: shared memory segments incorrect permissions
- debian/patches/CVE-2013-0254.patch: set appropriate permissions in
src/corelib/kernel/qsharedmemory_unix.cpp,
src/corelib/kernel/qsystemsemaphore_unix.cpp,
src/gui/image/qnativeimage.cpp,
src/gui/image/qpixmap_x11.cpp,
tools/qvfb/qvfbshmem.cpp.
- CVE-2013-0254
-- Marc Deslauriers <email address hidden> Wed, 06 Feb 2013 08:41:09 -0500
|
| Source diff to previous version |
| CVE-2012-6093 |
QSslSocket may report incorrect errors when certificate verification fails |
| CVE-2013-0254 |
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable |
|
| Version: 4:4.6.2-0ubuntu5.5
|
2012-11-09 00:07:27 UTC
|
|
qt4-x11 (4:4.6.2-0ubuntu5.5) lucid-security; urgency=low
* SECURITY UPDATE: fix for SSL compression "CRIME" attack
- debian/patches/CVE-2012-4929.patch: Disable SSL compression by default
- CVE-2012-4929
- LP: #1057578
-- Seth Arnold <email address hidden> Mon, 22 Oct 2012 10:44:46 -0700
|
| Source diff to previous version |
| 1057578 |
Vulnerable against \ |
| CVE-2012-4929 |
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfusca |
|
| Version: 4:4.6.2-0ubuntu5.4
|
2012-07-12 00:06:46 UTC
|
|
qt4-x11 (4:4.6.2-0ubuntu5.4) lucid-security; urgency=low
* SECURITY: fix for wildcard domains and IP addresses
- debian/patches/CVE-2010-5076.patch: adjust certificate verification to
properly validate hostnames and IP addresses
- CVE-2010-5076
* SECURITY UPDATE: fix buffer overflow in HarfBuzz
- debian/patches/CVE-2011-3193.patch: adjust Lookup_MarkMarkPos() in
harfbuzz-gpos.c to properly perform input validation when processing
certain fonts
- CVE-2011-3193
* SECURITY UPDATE: fix potential buffer overflow and crash in TIFF reader
- debian/patches/CVE-2011-3194.patch: adjust QTiffHandler::read() to
properly calculate the bits per pixel for greyscale TIFF images
- CVE-2011-3194
-- Jamie Strandboge <email address hidden> Mon, 09 Jul 2012 16:01:14 -0500
|
| Source diff to previous version |
| CVE-2010-5076 |
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-i |
| CVE-2011-3193 |
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows r |
| CVE-2011-3194 |
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly |
|
| Version: 4:4.6.2-0ubuntu5.3
|
2011-09-22 21:02:30 UTC
|
|
qt4-x11 (4:4.6.2-0ubuntu5.3) lucid-security; urgency=low
* SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
Fraudulent certificates were mis-issued that could allow an attacker to
monitor secure communication through a man-in-the-middle (MITM) attack
- add debian/patches/kubuntu_31_blacklist_ssl_certificates_part2.diff
- LP: #837557
-- Micah Gersten Fri, 09 Sep 2011 18:36:48 -0500
|
| Source diff to previous version |
| 837557 |
Fraudulent *.google.com Certificate |
|
| Version: 4:4.6.2-0ubuntu5.2
|
2011-04-01 09:03:52 UTC
|
|
qt4-x11 (4:4.6.2-0ubuntu5.2) lucid-security; urgency=low
* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
- Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
lists and blocks known bad certificates
- http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
- http://bugreports.qt.nokia.com/browse/QTBUG-18338
- http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
-- Jonathan Riddell Sun, 27 Mar 2011 23:55:30 -0500
|
| 742377 |
blacklist fake Comodo SSL certificates |
|
