By default, Bugzilla does not search the list of RESOLVED bugs.
You can force it to do so by putting the upper-case word ALL in front of your search query, e.g.: ALL tdelibs
We recommend searching for bugs this way, as you may discover that your bug has already been resolved and fixed in a later release.

Bug 2390

Summary: [SECURITY] Need to patch qt3/tqt3 for security: CVE-2015-0295
Product: TDE Reporter: Darrell <darrella>
Component: qt3Assignee: Slávek Banko <slavek.banko>
Status: RESOLVED FIXED    
Severity: blocker CC: bugwatch, darrella, kb9vqf, slavek.banko
Priority: P1    
Version: R14.0.1 [Trinity]   
Hardware: Other   
OS: Linux   
Compiler Version: TDE Version String:
Application Version: Application Name:
Bug Depends on:    
Bug Blocks: 2246    

Description Darrell 2015-03-09 13:09:56 CDT 
http://lwn.net/Articles/635959/
Comment 1 Slávek Banko 2015-03-09 13:23:45 CDT 
As I looked into the source RPM package, there are three interesting patches:

+ qt-x11-free-3.3.8b-CVE-2013-4549.patch
+ qt-x11-free-3.3.8b-CVE-2014-0190.patch
+ qt-x11-free-3.3.8b-CVE-2015-0295.patch

I will examine it and apply as necessary.
Comment 2 Timothy Pearson 2015-03-09 13:31:05 CDT 
Security bugs should have an appropriate tag.
Comment 3 Slávek Banko 2015-03-09 23:41:25 CDT 
Patches pushed to Qt3 (73584365, ad74a11a, b3037160), TQt3 and also backported to r14.0.x branch.
Comment 4 Darrell 2015-03-12 15:41:27 CDT 
Is there anything special or specific needed to test these patches?
Comment 5 Slávek Banko 2015-05-24 11:54:33 CDT 
Added and pushed patch for CVE-2015-1860.

I believe that there is no need for special testing. For now I close this bug report.