By default, Bugzilla does not search the list of RESOLVED bugs.
You can force it to do so by putting the upper-case word ALL in front of your search query, e.g.: ALL tdelibs
We recommend searching for bugs this way, as you may discover that your bug has already been resolved and fixed in a later release.
Bug 2390 - [SECURITY] Need to patch qt3/tqt3 for security: CVE-2015-0295
Summary: [SECURITY] Need to patch qt3/tqt3 for security: CVE-2015-0295
Status: RESOLVED FIXED
Alias: None
Product: TDE
Classification: Unclassified
Component: qt3 (show other bugs)
Version: R14.0.1 [Trinity]
Hardware: Other Linux
: P1 blocker
Assignee: Slávek Banko
URL:
Depends on:
Blocks: R14.0.1
  Show dependency treegraph
 
Reported: 2015-03-09 13:09 CDT by Darrell
Modified: 2015-05-24 11:54 CDT (History)
4 users (show)

See Also:
Compiler Version:
TDE Version String:
Application Version:
Application Name:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Darrell 2015-03-09 13:09:56 CDT 
http://lwn.net/Articles/635959/
Comment 1 Slávek Banko 2015-03-09 13:23:45 CDT 
As I looked into the source RPM package, there are three interesting patches:

+ qt-x11-free-3.3.8b-CVE-2013-4549.patch
+ qt-x11-free-3.3.8b-CVE-2014-0190.patch
+ qt-x11-free-3.3.8b-CVE-2015-0295.patch

I will examine it and apply as necessary.
Comment 2 Timothy Pearson 2015-03-09 13:31:05 CDT 
Security bugs should have an appropriate tag.
Comment 3 Slávek Banko 2015-03-09 23:41:25 CDT 
Patches pushed to Qt3 (73584365, ad74a11a, b3037160), TQt3 and also backported to r14.0.x branch.
Comment 4 Darrell 2015-03-12 15:41:27 CDT 
Is there anything special or specific needed to test these patches?
Comment 5 Slávek Banko 2015-05-24 11:54:33 CDT 
Added and pushed patch for CVE-2015-1860.

I believe that there is no need for special testing. For now I close this bug report.