UbuntuUpdates.org

Package "qt4-x11"

Name: qt4-x11

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • transitional package for Qt 4 assistant module
  • transitional package for Qt 4 core non-GUI runtime libraries
  • Qt 4 folderlistmodel QML plugin
  • Qt 4 shaders QML plugin

Latest version: 4:4.8.1-0ubuntu4.9
Release: precise (12.04)
Level: security
Repository: universe

Other versions of "qt4-x11" in Precise

Repository  Area                   Version
base        universe               4:4.8.1-0ubuntu4
base        main                   4:4.8.1-0ubuntu4
security    main                   4:4.8.1-0ubuntu4.9
updates     main                   4:4.8.1-0ubuntu4.9
updates     universe               4:4.8.1-0ubuntu4.9
PPA         Ubuntu SDK Release     4:4.8.1-0ubuntu5~precise1~test1
PPA         Kubuntu-ppa Backports  4:4.8.2+dfsg-2ubuntu1~precise1~ppa6

Changelog

Version: 4:4.8.1-0ubuntu4.9 2015-06-03 15:06:56 UTC

  qt4-x11 (4:4.8.1-0ubuntu4.9) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted GIF image
    - debian/patches/CVE-2014-0190.patch: check for broken image in
      src/gui/image/qgifhandler.cpp.
    - CVE-2014-0190
  * SECURITY UPDATE: denial of service via crafted BMP
    - debian/patches/CVE-2015-0295.patch: fix division by zero in
      src/gui/image/qbmphandler.cpp.
    - CVE-2015-0295
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted BMP or ICO images
    - debian/patches/CVE-2015-1858-1859.patch: move check to better
      location in src/gui/image/qbmphandler.cpp, check depth in
      src/plugins/imageformats/ico/qicohandler.cpp.
    - CVE-2015-1858
    - CVE-2015-1859
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted GIF image
    - debian/patches/CVE-2015-1860.patch: check bounds in
      src/gui/image/qgifhandler.cpp.
    - CVE-2015-1860

 -- Marc Deslauriers <email address hidden> Wed, 27 May 2015 08:41:41 -0400

CVE-2014-0190 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and heigh
CVE-2015-0295 The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers t
CVE-2015-1858 Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possib
CVE-2015-1859 Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possib
CVE-2015-1860 Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possib

Version: 4:4.8.1-0ubuntu4.5 2013-12-18 20:06:48 UTC

  qt4-x11 (4:4.8.1-0ubuntu4.5) precise-security; urgency=low

  * SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
    - Add CVE-2013-4549.diff
    - add limit in src/xml/sax/qxml.cpp
    - http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
    - CVE-2013-4549
 -- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 22:49:13 +0000

CVE-2013-4549 XML Entity Expansion Denial of Service

Version: 4:4.8.1-0ubuntu4.4 2013-02-14 18:06:48 UTC

  qt4-x11 (4:4.8.1-0ubuntu4.4) precise-security; urgency=low

  * SECURITY UPDATE: information disclosure via MITM redirect
    - debian/patches/CVE-2012-5624.patch: don't redirect to file URLs in
      src/declarative/qml/qdeclarativexmlhttprequest.cpp.
    - CVE-2012-5624
  * SECURITY UPDATE: incorrect errors with certificate verification
    - debian/patches/CVE-2012-6093.patch: use openssl access functions to
      properly handle layout changes in
      src/network/ssl/qsslsocket_openssl.cpp,
      src/network/ssl/qsslsocket_openssl_symbols.cpp,
      src/network/ssl/qsslsocket_openssl_symbols_p.h.
    - CVE-2012-6093
  * SECURITY UPDATE: shared memory segments incorrect permissions
    - debian/patches/CVE-2013-0254.patch: set appropriate permissions in
      src/corelib/kernel/qsharedmemory_unix.cpp,
      src/corelib/kernel/qsystemsemaphore_unix.cpp,
      src/gui/image/qnativeimage.cpp,
      src/gui/image/qpixmap_x11.cpp,
      src/plugins/platforms/xcb/qxcbwindowsurface.cpp,
      src/plugins/platforms/xlib/qxlibwindowsurface.cpp,
      tools/qvfb/qvfbshmem.cpp.
    - CVE-2013-0254
 -- Marc Deslauriers <email address hidden> Wed, 06 Feb 2013 08:21:20 -0500

CVE-2012-5624 qt QML XmlHttpRequest insecure redirection
CVE-2012-6093 QSslSocket may report incorrect errors when certificate verification fails
CVE-2013-0254 The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable

Version: 4:4.8.1-0ubuntu4.3 2012-11-08 22:07:14 UTC

  qt4-x11 (4:4.8.1-0ubuntu4.3) precise-security; urgency=low

  * SECURITY UPDATE: fix for SSL compression "CRIME" attack
    - debian/patches/CVE-2012-4929.patch: Disable SSL compression by default
    - CVE-2012-4929
    - LP: #1057578
 -- Seth Arnold <email address hidden> Mon, 22 Oct 2012 10:54:05 -0700

1057578 Vulnerable against \
CVE-2012-4929 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfusca


