Is CVE-2014-0254 really affecting Qt and not only Windows?

To: debian-security-tracker@lists.debian.org
Subject: Is CVE-2014-0254 really affecting Qt and not only Windows?
From: Petter Reinholdtsen <pere@hungry.com>
Date: Thu, 30 Apr 2015 08:43:19 +0200
Message-id: <[🔎] 2fld22myv3s.fsf@diskless.uio.no>

Hi.

debsecan just reported that one of my squeeze machines was affected by
this one:

CVE-2014-0254 The IPv6 implementation in Microsoft Windows 8,...
  <http://security-tracker.debian.org/tracker/CVE-2014-0254>
  - libqtgui4, libqt4-sql-sqlite, libqt4-dev-bin, libqt4-sql,
    libqt4-declarative, libqt4-dev, libqt4-svg, libqtcore4, libqtdbus4,
    qt4-dev-tools, libqt4-network, libqt4-sql-mysql, qt4-linguist-tools,
    libqt4-script, libqt4-dbus, libqt4-opengl, libqt4-designer,
    qt4-qmake, libqt4-help, libqt4-opengl-dev, libqt4-scripttools,
    qdbus, libqt4-qt3support, libqt4-xml, libqt4-test,
    libqt4-xmlpatterns, qt4-designer
    (remotely exploitable, high urgency)

But neither Redhat nor Ubuntu believe this CVE affect their software.
Also NVD only list windows as affected.  Are you sure Qt is affected by
this CVE, or could there be a typo somewhere?

<URL: https://security-tracker.debian.org/tracker/CVE-2014-0254 >

-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Re: Is CVE-2014-0254 really affecting Qt and not only Windows?
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: External check
Next by Date: Re: Is CVE-2014-0254 really affecting Qt and not only Windows?
Previous by thread: Bug#761859: marked as done (security-tracker: please provide more information via JSON file for tracker.d.o)
Next by thread: Re: Is CVE-2014-0254 really affecting Qt and not only Windows?
Index(es):
- Date
- Thread