CVE-2007-4137: buffer overflow in QUtf8Decoder

Related Vulnerabilities: CVE-2007-4137  

Debian Bug report logs - #442780

Package: libqt3-mt; Maintainer for libqt3-mt is (unknown);

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Sun, 16 Sep 2007 19:09:01 UTC

Severity: grave

Tags: patch, security

Found in version qt-x11-free/3:3.3.7-7

Fixed in version qt-x11-free/3:3.3.7-8

Done: Sune Vuorela <debian@pusling.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#442780; Package libqt3-mt.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2007-4137: buffer overflow in QUtf8Decoder
Date: Sun, 16 Sep 2007 21:07:11 +0200
Package: libqt3-mt
Version: 3:3.3.7-7
Severity: grave
Tags: security patch
Justification: user security hole


A buffer overflow has been found in QUtf8Decoder in Qt.
See

http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119

for more info and a patch. Please mention the CVE id in the changelog.




Reply sent to Sune Vuorela <debian@pusling.com>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #10 received at 442780-close@bugs.debian.org:

From: Sune Vuorela <debian@pusling.com>
To: 442780-close@bugs.debian.org
Subject: Bug#442780: fixed in qt-x11-free 3:3.3.7-8
Date: Mon, 17 Sep 2007 22:02:39 +0000
Source: qt-x11-free
Source-Version: 3:3.3.7-8

We believe that the bug you reported is fixed in the latest version of
qt-x11-free, which is due to be installed in the Debian FTP archive:

libqt3-compat-headers_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-8_i386.deb
libqt3-headers_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/libqt3-headers_3.3.7-8_i386.deb
libqt3-i18n_3.3.7-8_all.deb
  to pool/main/q/qt-x11-free/libqt3-i18n_3.3.7-8_all.deb
libqt3-mt-dev_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-8_i386.deb
libqt3-mt-ibase_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-ibase_3.3.7-8_i386.deb
libqt3-mt-mysql_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-8_i386.deb
libqt3-mt-odbc_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-8_i386.deb
libqt3-mt-psql_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-8_i386.deb
libqt3-mt-sqlite_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-8_i386.deb
libqt3-mt_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt_3.3.7-8_i386.deb
qt-x11-free-dbg_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-8_i386.deb
qt-x11-free_3.3.7-8.diff.gz
  to pool/main/q/qt-x11-free/qt-x11-free_3.3.7-8.diff.gz
qt-x11-free_3.3.7-8.dsc
  to pool/main/q/qt-x11-free/qt-x11-free_3.3.7-8.dsc
qt3-apps-dev_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/qt3-apps-dev_3.3.7-8_i386.deb
qt3-assistant_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/qt3-assistant_3.3.7-8_i386.deb
qt3-designer_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/qt3-designer_3.3.7-8_i386.deb
qt3-dev-tools-compat_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-8_i386.deb
qt3-dev-tools-embedded_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-8_i386.deb
qt3-dev-tools_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/qt3-dev-tools_3.3.7-8_i386.deb
qt3-doc_3.3.7-8_all.deb
  to pool/main/q/qt-x11-free/qt3-doc_3.3.7-8_all.deb
qt3-examples_3.3.7-8_all.deb
  to pool/main/q/qt-x11-free/qt3-examples_3.3.7-8_all.deb
qt3-linguist_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/qt3-linguist_3.3.7-8_i386.deb
qt3-qtconfig_3.3.7-8_i386.deb
  to pool/main/q/qt-x11-free/qt3-qtconfig_3.3.7-8_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 442780@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sune Vuorela <debian@pusling.com> (supplier of updated qt-x11-free package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.7
Date: Sun, 16 Sep 2007 23:13:32 +0200
Source: qt-x11-free
Binary: libqt3-i18n qt3-apps-dev libqt3-mt-sqlite qt-x11-free-dbg qt3-assistant qt3-examples qt3-doc libqt3-headers libqt3-mt-mysql libqt3-mt libqt3-mt-odbc libqt3-compat-headers qt3-dev-tools-embedded qt3-dev-tools libqt3-mt-ibase qt3-designer qt3-linguist qt3-qtconfig qt3-dev-tools-compat libqt3-mt-dev libqt3-mt-psql
Architecture: source i386 all
Version: 3:3.3.7-8
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Sune Vuorela <debian@pusling.com>
Description: 
 libqt3-compat-headers - Qt 1.x and 2.x compatibility includes
 libqt3-headers - Qt3 header files
 libqt3-i18n - i18n files for Qt3 library
 libqt3-mt  - Qt GUI Library (Threaded runtime version), Version 3
 libqt3-mt-dev - Qt development files (Threaded)
 libqt3-mt-ibase - InterBase/FireBird database driver for Qt3 (Threaded)
 libqt3-mt-mysql - MySQL database driver for Qt3 (Threaded)
 libqt3-mt-odbc - ODBC database driver for Qt3 (Threaded)
 libqt3-mt-psql - PostgreSQL database driver for Qt3 (Threaded)
 libqt3-mt-sqlite - SQLite database driver for Qt3 (Threaded)
 qt-x11-free-dbg - debugging symbols for qt-x11-free binaries
 qt3-apps-dev - Qt3 Developer applications development files
 qt3-assistant - The Qt3 assistant application
 qt3-designer - Qt3 Designer
 qt3-dev-tools - Qt3 development tools
 qt3-dev-tools-compat - Conversion utilities for Qt3 development
 qt3-dev-tools-embedded - Tools to develop embedded Qt applications
 qt3-doc    - Qt3 API documentation
 qt3-examples - Examples for Qt3
 qt3-linguist - The Qt3 Linguist
 qt3-qtconfig - The Qt3 Configuration Application
Closes: 442780
Changes: 
 qt-x11-free (3:3.3.7-8) unstable; urgency=low
 .
   * Add patch for utf8 parser decoder overflow. CVE-2007-4137
     (Closes: #442780). Thanks to Dirk Mueller for the patch and Stefan Fritsch
     for noticing it.
Files: 






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 17 Dec 2007 07:56:13 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:34:49 2019; Machine Name: beach
