PublicDateAtUSN: 2013-02-06
Candidate: CVE-2013-0254
PublicDate: 2013-02-06 12:05:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0254
 http://permalink.gmane.org/gmane.comp.lib.qt.devel/9759
 https://ubuntu.com/security/notices/USN-1723-1
Description:
 The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before
 4.7.6, and other versions including 4.4.0 uses weak permissions
 (world-readable and world-writable) for shared memory segments, which
 allows local users to read sensitive information or modify critical
 program data, as demonstrated by reading a pixmap being sent to an X
 server.
Ubuntu-Description:
Notes:
 seth-arnold> "forthcoming 4.8.5, and the 4.7.6 [releases]"
Bugs:
Priority: medium
Discovered-by: Tim Brown and Mark Lowe
Assigned-to: mdeslaur
CVSS:

Patches_qt4-x11:
 upstream: http://qt.gitorious.org/qt/qt/commit/20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c (4.8)
 upstream: http://qt.gitorious.org/qt/qt/commit/57756e72adf2081137b97f0e689dd16c770d10b1 (4.7)
upstream_qt4-x11: needed
hardy_qt4-x11: ignored (reached end-of-life)
lucid_qt4-x11: released (4:4.6.2-0ubuntu5.6)
oneiric_qt4-x11: released (4:4.7.4-0ubuntu8.3)
precise_qt4-x11: released (4:4.8.1-0ubuntu4.4)
quantal_qt4-x11: released (4:4.8.3+dfsg-0ubuntu3.1)
devel_qt4-x11: released (4:4.8.4+dfsg-0ubuntu5)