Several local/remote vulnerabilities have been discovered in the Qt GUI library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3388 Tim Brown and Dirk Müller discovered several format string vulnerabilities in the handling of error messages, which might lead to the execution of arbitrary code. CVE-2007-4137 Dirk Müller discovered an off-by-one buffer overflow in the Unicode handling, which might lead to the execution of arbitrary code. For the old stable distribution (sarge), these problems have been fixed in version 3:3.3.4-3sarge3. Packages for m68k will be provided later. For the stable distribution (etch), these problems have been fixed in version 3:3.3.7-4etch1. For the unstable distribution (sid), these problems have been fixed in version 3:3.3.7-8. We recommend that you upgrade your qt-x11-free packages.
Several local/remote vulnerabilities have been discovered in the Qt GUI library. The Common Vulnerabilities and Exposures project identifies the following problems:
Tim Brown and Dirk Müller discovered several format string vulnerabilities in the handling of error messages, which might lead to the execution of arbitrary code.
Dirk Müller discovered an off-by-one buffer overflow in the Unicode handling, which might lead to the execution of arbitrary code.
For the old stable distribution (sarge), these problems have been fixed in version 3:3.3.4-3sarge3. Packages for m68k will be provided later.
For the stable distribution (etch), these problems have been fixed in version 3:3.3.7-4etch4.
For the unstable distribution (sid), these problems have been fixed in version 3:3.3.7-8.
We recommend that you upgrade your qt-x11-free packages.
MD5 checksums of the listed files are available in the original advisory.