From $URL :

Description

A weakness has been reported in Qt, which can be exploited by malicious, local users to bypass certain security restrictions.

The weakness is caused due to the Qt library creating shared memory blocks with world-readable and world-writable permissions, which can be exploited to overwrite arbitrary data in the shared memory or read arbitrary data from the memory.

The weakness is reported in versions 4.4.0 through 5.0.0.

Solution: http://qt.gitorious.org/qt/qt/commit/20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c
qt-gui is affected as well.
Arches, please stabilize: =x11-libs/qt-core-4.8.4-r2 =x11-libs/qt-gui-4.8.4-r1
amd64 stable
ia64 stable
ppc64 stable
ppc stable
Stable for HPPA.
arm stable
x86 stable
alpha stable
CVE-2013-0254 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0254): The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
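A defender-side check for the condition the CVE describes, as an added example that is not part of this bug report or of Qt's code: it parses the Linux /proc/sysvipc/shm table and reports segments whose mode includes world read or write bits. It assumes the segments of interest are System V shared memory visible in that table; the sample rows are constructed.

```python
import os

# Constructed sample rows in the layout of Linux /proc/sysvipc/shm.
# The perms column is octal and may carry flag bits above 0777.
SAMPLE = """\
       key      shmid perms       size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime        rss       swap
         0      32768  1666     393216  2101  1877      2  1000  1000  1000  1000 1363080000          0 1363080000     393216          0
1358954497      65537   600       4096  2150  2150      1  1000  1000  1000  1000 1363080100          0 1363080100       4096          0
         0      98306  1640      65536  2203  1877      2  1001  1001  1001  1001 1363080200          0 1363080200      65536          0
"""

PROC_PATH = "/proc/sysvipc/shm"
WORLD_BITS = {0o004: "world-readable", 0o002: "world-writable"}


def parse_shm_table(text):
    """Yield one dict per segment, using the header row for column names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return
    header = lines[0].split()
    for ln in lines[1:]:
        fields = ln.split()
        if len(fields) != len(header):
            continue  # truncated or malformed row
        row = dict(zip(header, fields))
        try:
            mode = int(row["perms"], 8) & 0o777  # drop flag bits, keep rwx bits
            yield {"shmid": int(row["shmid"]), "uid": int(row["uid"]),
                   "cpid": int(row["cpid"]), "mode": mode}
        except (KeyError, ValueError):
            continue


def audit(text):
    """Return (shmid, uid, creator pid, octal mode, issues) per exposed segment."""
    exposed = []
    for seg in parse_shm_table(text):
        issues = [name for bit, name in WORLD_BITS.items() if seg["mode"] & bit]
        if issues:
            exposed.append((seg["shmid"], seg["uid"], seg["cpid"],
                            format(seg["mode"], "04o"), issues))
    return exposed


if __name__ == "__main__":
    source = open(PROC_PATH).read() if os.path.exists(PROC_PATH) else SAMPLE
    for shmid, uid, cpid, mode, issues in audit(source):
        print(f"shmid={shmid} uid={uid} cpid={cpid} mode={mode}: {', '.join(issues)}")
```

The creator pid in each finding can be mapped back to the owning process to see whether it is linked against an affected Qt version.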
sparc stable
All done for us.

12 Mar 2013; Davide Pesavento <pesa@gentoo.org> -qtcore-4.8.4.ebuild:
Punt vulnerable version.

12 Mar 2013; Davide Pesavento <pesa@gentoo.org> -qtgui-4.8.4.ebuild:
Punt vulnerable version.
GLSA vote: yes.
GLSA vote: yes. Adding to existing GLSA draft.
This issue was resolved and addressed in GLSA 201311-14 at http://security.gentoo.org/glsa/glsa-201311-14.xml by GLSA coordinator Sergey Popov (pinkbyte).