Hi, Nokia released two diffs [1][2] for blacklisting all the DigiNotar certificates. Please either apply it to 4.7.3 or bump to 4.7.4, apply the patch and mark it stable ASAP. Thanks
[1] http://qt.nokia.com/files/qt-patches/blacklist-diginotar-certs.diff/at_download/file
[2] http://qt.nokia.com/files/qt-patches/blacklist-diginotar-and-comodo-certs.diff/at_download/file
I've revbumped the current stable and testing qt-core ebuilds, adding the patch. The patch will be present in Qt 4.7.4 as well, but since I'd rather not fast stabilize a new Qt version on day one, I've revbumped qt-core-4.7.2-r1 to -r2. Please fast-stabilize that for our stable users. Ebuilds containing the patch atm: x11-libs/qt-core-4.7.2-r2, x11-libs/qt-core-4.7.3-r1
Arches, please test and stabilize =x11-libs/qt-core-4.7.2-r2. It contains the said fix for DigiNotar certificates.
David, please do not touch the syntax of security bugs.
(In reply to comment #1) I think you made a mistake. The patch for 4.7.{2,3} is not the same as the one for 4.7.4. Look at the $URL and my first comment. There are two patch files.
(In reply to comment #4) Sorry, scratch that. I didn't notice bug #382253.
Thanks Alex for rapid fix. amd64 ok
Archtested on x86: Everything fine
amd64: ok
(In reply to comment #7)
> Archtested on x86: Everything fine
+1
x86 stable, thanks JD
arm stable
amd64 done. Thanks Agostino and Ian
ppc/ppc64 stable, last arch done
Thanks, folks. GLSA vote: yes (although I am admittedly on the fence given the situation...)
Vote: yes. Added to pending GLSA.
Last remaining affected version now masked pending removal.
Thank you all. Affected version removed from tree. Removing qt from CC, nothing to do here for us anymore.
This issue was resolved and addressed in GLSA 201311-14 at http://security.gentoo.org/glsa/glsa-201311-14.xml by GLSA coordinator Sergey Popov (pinkbyte).