Summary: | <dev-qt/qtcore-4.7.2-r2 Fraudulent DigiNotar certificates | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Markos Chandras (RETIRED) <hwoarang> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://labs.qt.nokia.com/2011/09/07/what-the-diginotar-security-breach-means-for-qt-users-continued/ | ||
Whiteboard: | B4 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 382253 | ||
Bug Blocks: |
Description
Markos Chandras (RETIRED)
2011-09-07 19:08:47 UTC
I've revbumped the current stable and testing qt-core ebuilds, adding the patch. The patch will be present in Qt 4.7.4 as well, but since I'd rather not fast stabilize a new Qt version on day one, I've revbumped qt-core-4.7.2-r1 to -r2. Please fast-stabilize that for our stable users.

Ebuilds containing the patch atm:
x11-libs/qt-core-4.7.2-r2
x11-libs/qt-core-4.7.3-r1

Arches, please test and stabilize =x11-libs/qt-core-4.7.2-r2. It contains the said fix for DigiNotar certificates.

David, please do not touch the syntax of security bugs.

(In reply to comment #1)
I think you made a mistake. The patch for 4.7.{2,3} is not the same as the one for 4.7.4.

Look at the $URL and my first comment. There are two patch files.

(In reply to comment #4)
Sorry, scratch that. I didn't notice bug #382253.

Thanks Alex for rapid fix. amd64 ok

Archtested on x86: Everything fine

amd64: ok

(In reply to comment #7)
> Archtested on x86: Everything fine

+1

x86 stable, thanks JD

arm stable

amd64 done. Thanks Agostino and Ian

ppc/ppc64 stable, last arch done

Thanks, folks. GLSA vote: yes (although I am admittedly on the fence given the situation...)

Vote: yes. Added to pending GLSA.

Last remaining affected version now masked pending removal. Thank you all.

Affected version removed from tree. Removing qt from CC, nothing to do here for us anymore.

This issue was resolved and addressed in GLSA 201311-14 at http://security.gentoo.org/glsa/glsa-201311-14.xml by GLSA coordinator Sergey Popov (pinkbyte).