Updated qt3 (3.3.8 -> 3.3.8b) : SECURITY - HIGH

CVE-2007-3388 (Medium) : Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. CVE-2007-4137 (High) : Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.
17 years ago · 7c924dc951
1 changed files with 3 additions and 3 deletions
--- a/qt/qt3/qt3.desc
+++ b/qt/qt3/qt3.desc
@ -3,7 +3,7 @@
 [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 [COPY]
 [COPY] Filename: package/.../qt3/qt3.desc
-[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project
+[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
 [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
 [COPY] Copyright (C) 1998 - 2004 Clifford Wolf
 [COPY]
@ -30,8 +30,8 @@

 [L] GPL
 [S] Stable
-[V] 3.3.8
+[V] 3.3.8b
 [P] X -----5---9 127.000

-[D] 2574457933 qt-x11-free-3.3.8.tar.bz2 ftp://ftp.trolltech.com/qt/source/
+[D] 499223585 qt-x11-free-3.3.8b.tar.gz ftp://ftp.trolltech.com/qt/source/