| Summary: | <dev-qt/qtgui-4.8.5-r2 : NULL pointer dereference in GIF image handler (CVE-2014-0190) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2014/04/28/1 | ||
| Whiteboard: | A3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
=dev-qt/qtgui-4.8.5-r2 has the patch. 28 May 2014; Davide Pesavento <pesa@gentoo.org> +files/qtgui-4.8.5-dont-crash-on-broken-GIF-images.patch, +qtgui-4.8.5-r2.ebuild: Apply patch for security bug #508984. Add missing deps. Please proceed with stabilization. Arches, please test and mark stable =dev-qt/qtgui-4.8.5-r2 Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 Stable for HPPA. Stable on alpha. amd64 stable x86 stable (In reply to Mikle Kolyada from comment #5) > amd64 stable After syncing my tree today (30 May), it looks like stabilizations have been reverted, and portage wants to downgrade me to -r1. KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" (In reply to boxcars from comment #7) > (In reply to Mikle Kolyada from comment #5) > > amd64 stable > > After syncing my tree today (30 May), it looks like stabilizations have been > reverted, and portage wants to downgrade me to -r1. > > KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 > ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos > ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" Looks good in cvs... KEYWORDS="alpha amd64 ~arm hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" You're probably syncing from an outdated mirror. If you're using the rotation, sync again. (In reply to Davide Pesavento from comment #8) > You're probably syncing from an outdated mirror. If you're using the > rotation, sync again. Re-synced and all is well. Thanks, and sorry for the noise. arm stable ia64 stable ppc64 stable ppc stable sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Vulnerable version removed. All done for qt@ Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. This issue was resolved and addressed in GLSA 201412-25 at http://security.gentoo.org/glsa/glsa-201412-25.xml by GLSA coordinator Sean Amoss (ackle). |
From ${URL} : CVE-2014-0190 describes a NULL pointer dereference flaw in the GIF image handler in QtGui. This could cause applications using that library to crash. Upstream announcement and patches: http://lists.qt-project.org/pipermail/announce/2014-April/000045.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.