Note:
SDECFG_PKG_QT4_NO_EXCEPTIONS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Because Qt4 determines by itself whether the compiler in use supports
exceptions, the behavior was changed to explicitly disable exceptions.
Default: 0 (Qt will try to build with exceptions if supported by the compiler)
SDECFG_PKG_QT4_NO_STL
~~~~~~~~~~~~~~~~~~~~~
The old behavior of explicitly enabling Qt4 STL support was changed:
you now have to explicitly _disable_ it!
Default: 0 (Qt STL support is enabled)
CVE-2007-5965 (Medium - Network exploitable, Victim must voluntarily interact with attack mechanism):
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which
might make it easier for remote attackers to trick a user into accepting an invalid server
certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a
user.
CVE-2007-3388 (Medium):
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3)
qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7)
qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to
execute arbitrary code via format string specifiers in text used to compose an error message.
CVE-2007-4137 (High):
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows
context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string
that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the
QUtf8Codec::convertToUnicode function, but it is not exploitable.