File _patchinfo of Package patchinfo.3619

<patchinfo incident="3619">
  <issue id="875470" tracker="bnc">libqt4: NULL pointer dereference flaw in QGIFFormat::fillRect</issue>
  <issue id="883374" tracker="bnc">kdelibs4: KMail/KIO POP3 SSL MITM Flaw (CVE-2014-3494)</issue>
  <issue id="902670" tracker="bnc">quassel: out-of-bounds read on a heap-allocated array</issue>
  <issue id="905742" tracker="bnc">kdebase3,kdebase4-runtime: Insufficient Input Validation By IO Slaves and Webkit Part</issue>
  <issue id="921999" tracker="bnc">libqt4,qt: division by zero when processing malformed BMP files</issue>
  <issue id="CVE-2014-0190" tracker="cve" />
  <issue id="CVE-2014-8483" tracker="cve" />
  <issue id="CVE-2014-3494" tracker="cve" />
  <issue id="CVE-2014-8600" tracker="cve" />
  <issue id="CVE-2015-0295" tracker="cve" />
  <description>KDE and Qt were updated to fix security issues and bugs.

The following vulnerabilities were fixed:

* CVE-2014-0190: Malformed GIF files could have crashed Qt-based applications
* CVE-2015-0295: Malformed BMP files could have crashed Qt-based applications
* CVE-2014-8600: Multiple cross-site scripting (XSS) vulnerabilities in the KDE runtime could have allowed remote attackers to insert arbitrary web script or HTML via crafted URIs using one of several supported URL schemes
* CVE-2014-8483: A missing size check in the Blowfish ECB could have led to a crash of Konversation or an 11-byte information leak
* CVE-2014-3494: The KMail POP3 kioslave accepted invalid certificates and allowed a man-in-the-middle (MITM) attack

Additionally, Konversation was updated to 1.5.1 to fix bugs.</description>
  <summary>Security update for kdebase4-runtime, kdelibs4, konversation, kwebkitpart, libqt4</summary>
</patchinfo>