Browse Source

Updated qt3 (3.3.8 -> 3.3.8b) : SECURITY - HIGH

CVE-2007-3388 (Medium) :
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3)
qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7)
qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to
execute arbitrary code via format string specifiers in text used to compose an error message.

CVE-2007-4137 (High) :
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows
context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string
that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the
QUtf8Codec::convertToUnicode function, but it is not exploitable.
early
Aldas Nabazas 17 years ago
parent
commit
7c924dc951
  1. 6
      qt/qt3/qt3.desc

6
qt/qt3/qt3.desc

@ -3,7 +3,7 @@
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch. [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY] [COPY]
[COPY] Filename: package/.../qt3/qt3.desc [COPY] Filename: package/.../qt3/qt3.desc
[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project [COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2004 Clifford Wolf [COPY] Copyright (C) 1998 - 2004 Clifford Wolf
[COPY] [COPY]
@ -30,8 +30,8 @@
[L] GPL [L] GPL
[S] Stable [S] Stable
[V] 3.3.8 [V] 3.3.8b
[P] X -----5---9 127.000 [P] X -----5---9 127.000
[D] 2574457933 qt-x11-free-3.3.8.tar.bz2 ftp://ftp.trolltech.com/qt/source/ [D] 499223585 qt-x11-free-3.3.8b.tar.gz ftp://ftp.trolltech.com/qt/source/

Loading…
Cancel
Save