Security update for kdebase4-runtime, kdelibs4, konversation, kwebkitpart, libqt4

KDE and QT were updated to fix security issues and bugs.

The following vulerabilities were fixed:

* CVE-2014-0190: Malformed GIF files could have crashed QT based applications
* CVE-2015-0295: Malformed BMP files could have crashed QT based applications
* CVE-2014-8600: Multiple cross-site scripting (XSS) vulnerabilities in the KDE runtime could have allowed remote attackers to insert arbitrary web script or HTML via crafted URIs using one of several supported URL schemes
* CVE-2014-8483: A missing size check in the Blowfish ECB could have lead to a crash of Konversation or 11 byte information leak
* CVE-2014-3494: The KMail POP3 kioslave accepted invalid certifiates and allowed a man-in-the-middle (MITM) attack

Additionally, Konversation was updated to 1.5.1 to fix bugs.

Fixed bugs
libqt4: NULL pointer dereference flaw in QGIFFormat::fillRect
kdelibs4: KMail/KIO POP3 SSL MITM Flaw (CVE-2014-3494)
quassel: out-of-bounds read on a heap-allocated array
kdebase3,kdebase4-runtime: Insufficient Input Validation By IO Slaves and Webkit Part
libqt4,qt: division by zero when processing malformed BMP files
Selected Binaries
openSUSE Build Service is sponsored by