14628 – qt-dcgui security flaw

Bug 14628 - qt-dcgui security flaw

Summary: qt-dcgui security flaw

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All All

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:	http://dc.ketelhot.de/news.php
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-01-27 11:28 UTC by Graham
Modified:	2003-02-05 04:28 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Graham 2003-01-27 11:28:34 UTC

As reported by the developers of qt-dcgui all versions before 0.2.2 have a 
security flaw that allows users to download unshared files.  The fix is to 
update to 0.2.2 or above.  Versions below 0.2.2 should be removed from portage.

Comment 1 Joachim Blaabjerg (RETIRED) gentoo-dev

2003-01-27 14:22:57 UTC

I've committed 0.2.3 of dclib and qt-dcgui now. Aliz, are you going to write a GLSA 
on this one?

Comment 2 SpanKY gentoo-dev

2003-01-28 00:43:26 UTC

you forgot to add the digest and patch files for dclib-2.3 ... ive added them now though ...

Comment 3 Joachim Blaabjerg (RETIRED) gentoo-dev

2003-01-28 05:29:05 UTC

Ah, sorry. Being a gcc3 user, that just flew right by my testing.

Comment 4 Daniel Ahlberg (RETIRED) gentoo-dev

2003-02-05 04:28:47 UTC

glsa sent