[SECURITY] Fedora 12 Update: qt-4.5.3-9.fc12

updates at fedoraproject.org updates at fedoraproject.org
Sat Nov 14 03:30:38 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11487
2009-11-14 02:52:09
--------------------------------------------------------------------------------

Name        : qt
Product     : Fedora 12
Version     : 4.5.3
Release     : 9.fc12
URL         : http://www.qtsoftware.com/
Summary     : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

A security flaw was found in the WebKit's Cross-Origin Resource Sharing (CORS)
implementation.    Multiple security flaws (integer underflow, invalid pointer
dereference, buffer underflow and a denial of service) were found in the way
WebKit's FTP parser used to process remote FTP directory listings.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 12 2009 Jaroslav Reznik <jreznik at redhat.com> - 4.5.3-9
- CVE-2009-3384 - WebKit, ftp listing handling (#525788)
- CVE-2009-2816 - WebKit, MITM Cross-Origin Resource Sharing (#525789)
* Sun Nov  8 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.5.3-8
- -x11: Requires: %{name}-sqlite(ppc-32)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #525788 - CVE-2009-3384 WebKit, qt: Multiple security issues while handling FTP directory listings
        https://bugzilla.redhat.com/show_bug.cgi?id=525788
  [ 2 ] Bug #525789 - CVE-2009-2816 WebKit, qt: MITM in the WebKit's Cross-Origin Resource Sharing (CORS) implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=525789
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update qt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the package-announce mailing list