Bug#779550: qt4-x11: CVE-2015-0295
On Mon, Mar 02, 2015 at 03:37:03PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> On Monday 02 March 2015 18:20:22 Moritz Muehlenhoff wrote:
> > On Mon, Mar 02, 2015 at 07:32:11PM +0300, Dmitry Shachnev wrote:
> > > clone -1 -2
> > > reassign -2 libqt5gui5 5.3.2+dfsg-4
> > > thanks
> > >
> > > On Mon, 02 Mar 2015 10:18:40 -0300, Lisandro Damián Nicanor Pérez Meyer
> wrote:
> > > > And we have the same bug for Qt5 too.
> > > >
> > > > Moritz, do you thing it's grave enough to update jessie via standard
> > > > methods?
> > > >
> > > > mm, now that I remember we need a tpu for qt5 /o\
> > >
> > > I think it should not be RC for Qt 5, as we have no DEs in archive
> > > using Qt 5.
> > >
> > > Re Qt 4, this can be fixed via unstable so I don't see why not to do it.
> > > But I want to hear Moritz' opinion first.
> >
> > Agreed, I didn't file both as RC since it doesn't allow code conjection.
> > For Wheezy we can either fix it along with a potential future DSA or
> > address it via a stable point update.
> >
> > Both can be fixed for jessie via unstable upload+unblock. They're
> > security bugs within the limits of what the releases managers unblock
> > at this point of the freeze.
>
> Not Qt5 due to an unvoluntary upload of some X thing that changed build
> dependencies. Qtbase should go trough TPU :-/
Is this planned during the freeze? Otherwise can fix it alongin a later point
update or security update for jessie.
Cheers,
Moritz
Reply to: