[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#699870: [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable

Hi Lisandro

[Really apologies not having replied earlier]

On Sun, Aug 18, 2013 at 09:37:06PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> On Sunday 18 August 2013 22:11:39 Salvatore Bonaccorso wrote:
> > Control: tags -1 + patch
> > 
> > Hi Qt/KDE Maintainers,
> > 
> > Attached is a (yet at all untested) patch based on the commits for the
> > 4.7 branch [1].
> > 
> >  [1]
> > http://qt.gitorious.org/qt/qt/commit/57756e72adf2081137b97f0e689dd16c770d10
> > b1
> 
> This is from the top of my head: IIRC, this got into Wheezy and I was working 
> with a fix for Squeeze which also included some blacklisting stuff that was 
> objected by a reason I don't quite remember now.
> 
> Some time later, we released Wheezy.
> 
> I currently don't have a Squeeze installation at hand nor the time to look at 
> it. I don't know the if anyone of the rest of the team has some spare time to 
> look into this.

... probably the following: Sune Vuorela pointed to #700530[1]. If the
above patches are applied, this introduces the problem mentioned on
kfreebsd-i386 and kfreebsd-amd64.

Regards,
Salvatore
Reply to: