Add 'metadata/glsa/' from commit 'aacff3c55fb52643f95332002ecdb7d439b8e4df'

git-subtree-dir: metadata/glsa
git-subtree-mainline: 3149e13ab601ad3a8f925656fd88567d2626de47
git-subtree-split: aacff3c55fb52643f95332002ecdb7d439b8e4df

1 files changed, 72 insertions, 0 deletions

diff --git a/metadata/glsa/glsa-200408-20.xml b/metadata/glsa/glsa-200408-20.xml
new file mode 100644
index 000000000000..bbe3c4a762f4
--- /dev/null
+++ b/metadata/glsa/glsa-200408-20.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200408-20">
+  <title>Qt: Image loader overflows</title>
+  <synopsis>
+    There are several bugs in Qt's image-handling code which could lead to
+    crashes or arbitrary code execution.
+  </synopsis>
+  <product type="ebuild">Qt</product>
+  <announced>August 22, 2004</announced>
+  <revised>May 22, 2006: 02</revised>
+  <bug>60855</bug>
+  <access>local</access>
+  <affected>
+    <package name="x11-libs/qt" auto="yes" arch="*">
+      <unaffected range="ge">3.3.3</unaffected>
+      <vulnerable range="le">3.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>
+    Qt is a cross-platform GUI toolkit used by KDE.
+    </p>
+  </background>
+  <description>
+    <p>
+    There are several unspecified bugs in the QImage class which may cause
+    crashes or allow execution of arbitrary code as the user running the Qt
+    application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image
+    types.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>
+    An attacker may exploit these bugs by causing a user to open a
+    carefully-constructed image file in any one of these formats. This may
+    be accomplished through e-mail attachments (if the user uses KMail), or
+    by simply placing a malformed image on a website and then convicing the
+    user to load the site in a Qt-based browser (such as Konqueror).
+    </p>
+  </impact>
+  <workaround>
+    <p>
+    There is no known workaround at this time. All users are encouraged to
+    upgrade to the latest available version of Qt.
+    </p>
+  </workaround>
+  <resolution>
+    <p>
+    All Qt users should upgrade to the latest version:
+    </p>
+    <code>
+    # emerge sync
+    
+    # emerge -pv &quot;&gt;=x11-libs/qt-3.3.3&quot;
+    # emerge &quot;&gt;=x11-libs/qt-3.3.3&quot;</code>
+  </resolution>
+  <references>
+    <uri link="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:085">Mandrake Advisory</uri>
+    <uri link="http://www.trolltech.com/developer/changes/changes-3.3.3.html">Qt 3.3.3 ChangeLog</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0691">CVE-2004-0691</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0692">CVE-2004-0692</uri>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0693">CVE-2004-0693</uri>
+  </references>
+  <metadata tag="requester" timestamp="Fri, 20 Aug 2004 22:45:25 +0000">
+    jaervosz
+  </metadata>
+  <metadata tag="submitter" timestamp="Sat, 21 Aug 2004 19:29:43 +0000">
+    condordes
+  </metadata>
+</glsa>