Bug 153704

Summary:	app-emulation/emul-linux-x86-qtlibs(?): khtml/qt integer overflow (CVE-2006-4811)
Product:	Gentoo Security	Reporter:	Matthias Geerdsen (RETIRED) <vorlon>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	blubb, dystopianray
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	165270

Description Matthias Geerdsen (RETIRED) gentoo-dev

2006-11-01 08:49:54 UTC

pls see bug 151838 for details and check/fix the package if needed

Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev

2006-11-03 04:23:59 UTC

ok... i have tried to get a comment from amd64 on the other bug before, pinged people in #-dev a long while ago...

well... CC'ing amd64, pls validate

Comment 2 Olivier Crete (RETIRED) gentoo-dev

2006-11-03 08:34:36 UTC

baselibs, qtlibs and gtklibs need new versions. I'll try to see if I can do it next weekend if herbs doesn't get to it first.

Comment 3 Danny van Dyk (RETIRED) gentoo-dev

2006-11-04 05:37:22 UTC

I personally have no clue on how the package is built these days, sorry :-/
Should remove myself from metadata.xml i suppose :-)

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-11-20 22:59:44 UTC

tester, any news on this one?

Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev

2006-12-03 11:42:06 UTC

hmpf... it has been over a month now
has there been any progress here?

Comment 6 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-02-10 22:00:38 UTC

reping

Comment 7 Simon Stelling (RETIRED) gentoo-dev

2007-02-11 18:18:38 UTC

PONG!

I've got emul-linux-x86-qtlibs-10.0 ready. The SRC_URI files are uploading right now, so I can commit the the ebuild in ~4h.

Comment 8 Simon Stelling (RETIRED) gentoo-dev

2007-02-11 18:28:06 UTC

Uhm, actually, not quite yet, as this also needs a new baselibs which is quite some work, but "we're working on it".

Comment 9 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-02-11 22:35:04 UTC

(In reply to comment #8)
> Uhm, actually, not quite yet, as this also needs a new baselibs which is quite
> some work, but "we're working on it".
> 

OK :)

Comment 10 Simon Stelling (RETIRED) gentoo-dev

2007-02-12 09:13:58 UTC

10.0 is in the tree, marked ~amd64. Since it required a complete rebuild of ~40 packages, I'd like to wait a bit before stablizing it, I'm almost sure something broke. It's not like a few more days would hurt after 3 1/2 months anyway...

Comment 11 Simon Stelling (RETIRED) gentoo-dev

2007-02-16 10:30:54 UTC

Alright, it worked out a lot better then I expected it to, so emul-linux-x86-qtlibs-10.0 which fixes the issue is marked stable on amd64 now.

Comment 12 Raymond Lewis Rebbeck 2007-02-16 15:13:40 UTC

Updating these ebuilds seems to have broken the other emul-linux-x86-* ebuilds that are still putting things in /emul.

I had to update emul-linux-x86-sdl and emul-linux-x86-gtklibs to the ~arch versions that put everything in /lib32 and /usr/lib32 or their libraries weren't being detected and revdep-rebuild was spitting out missing library errors.

Comment 13 Simon Stelling (RETIRED) gentoo-dev

2007-02-16 15:51:42 UTC

(In reply to comment #12)
> Updating these ebuilds seems to have broken the other emul-linux-x86-* ebuilds
> that are still putting things in /emul.

Thanks for catching that, I had this mix installed thus it worked fine. I just marked all the latest emul-packages stable so everything goes to (/usr)/lib32.

Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-02-17 23:36:58 UTC

Thanks to all the developers and testers :)


it's A2 or B2 so it merits a GLSA.

Comment 15 Matthias Geerdsen (RETIRED) gentoo-dev

2007-03-07 15:41:31 UTC

this was GLSA 200703-06

so let's close it :)