Security: integer overflow in pixmap handling (CVE-2006-4811)

Related Vulnerabilities: CVE-2006-4811  

Debian Bug report logs - #394192

Reported by: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>

Date: Fri, 20 Oct 2006 10:48:02 UTC

Severity: critical

Tags: fixed-upstream, security

Found in version all

Fixed in version qt4-x11/4.2.1-1

Done: Brian Nelson <pyro@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#394192; Package libqt4-core.


Acknowledgement sent to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>:
New Bug report received and forwarded. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>
To: submit@bugs.debian.org
Subject: Security: integer overflow in pixmap handling (CVE-2006-4811)
Date: Thu, 19 Oct 2006 21:04:42 +0200
Package: libqt4-core
Version: all
Severity: critical
Tags: security, fixed-upstream

CVE-2006-4811
A critical integer overflow was found in Qt, possibly allowing remote code
execution, for example via manipulated images loaded by apps like Konqueror.

See Red Hat Advisory:

https://rhn.redhat.com/errata/RHSA-2006-0720.html

"
An integer overflow flaw was found in the way Qt handled pixmap images. 
The KDE khtml library uses Qt in such a way that untrusted parameters could 
be passed to Qt, triggering the overflow. An attacker could for example 
create a malicious web page that when viewed by a victim in the Konqueror 
browser would cause Konqueror to crash or possibly execute arbitrary code 
with the privileges of the victim. (CVE-2006-4811)
"

A demo exploit, leading to a crash on an up-to-date sid box, is provided at
http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138488

Patch
http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138489





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#394192; Package libqt4-core.


Acknowledgement sent to fboudra@free.fr:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>.


Message #10 received at 394192@bugs.debian.org:

From: Fathi Boudra <fboudra@free.fr>
To: 394192@bugs.debian.org
Subject: Security: integer overflow in pixmap handling (CVE-2006-4811)
Date: Fri, 20 Oct 2006 17:48:18 +0200

Trolltech today announced the release of Qt 3.3.7, 4.1.5 and 4.2.1 - patch
releases that incorporate a fix for a security issue identified in the Qt 3.x 
and Qt 4.x series.  While no exploits for this security issue are currently 
known, it is recommended that Qt users upgrade to these latest versions.

A security flaw was recently discovered in the way Qt 3.x and 4.x handles
pixmap images. This issue can occur only when transforming specially
prepared images from untrusted sources. Qt 3.3.7, as well as Qt 4.1.5 and
4.2.1 correct this flaw.



Reply sent to Brian Nelson <pyro@debian.org>:
You have taken responsibility.


Notification sent to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>:
Bug acknowledged by developer.


Message #15 received at 394192-close@bugs.debian.org:

From: Brian Nelson <pyro@debian.org>
To: 394192-close@bugs.debian.org
Subject: Bug#394192: fixed in qt4-x11 4.2.1-1
Date: Mon, 23 Oct 2006 17:51:40 -0700
Source: qt4-x11
Source-Version: 4.2.1-1

We believe that the bug you reported is fixed in the latest version of
qt4-x11, which is due to be installed in the Debian FTP archive:

libqt4-core_4.2.1-1_i386.deb
  to pool/main/q/qt4-x11/libqt4-core_4.2.1-1_i386.deb
libqt4-debug_4.2.1-1_i386.deb
  to pool/main/q/qt4-x11/libqt4-debug_4.2.1-1_i386.deb
libqt4-dev_4.2.1-1_i386.deb
  to pool/main/q/qt4-x11/libqt4-dev_4.2.1-1_i386.deb
libqt4-gui_4.2.1-1_i386.deb
  to pool/main/q/qt4-x11/libqt4-gui_4.2.1-1_i386.deb
libqt4-qt3support_4.2.1-1_i386.deb
  to pool/main/q/qt4-x11/libqt4-qt3support_4.2.1-1_i386.deb
libqt4-sql_4.2.1-1_i386.deb
  to pool/main/q/qt4-x11/libqt4-sql_4.2.1-1_i386.deb
qt4-designer_4.2.1-1_i386.deb
  to pool/main/q/qt4-x11/qt4-designer_4.2.1-1_i386.deb
qt4-dev-tools_4.2.1-1_i386.deb
  to pool/main/q/qt4-x11/qt4-dev-tools_4.2.1-1_i386.deb
qt4-doc_4.2.1-1_all.deb
  to pool/main/q/qt4-x11/qt4-doc_4.2.1-1_all.deb
qt4-qtconfig_4.2.1-1_i386.deb
  to pool/main/q/qt4-x11/qt4-qtconfig_4.2.1-1_i386.deb
qt4-x11_4.2.1-1.diff.gz
  to pool/main/q/qt4-x11/qt4-x11_4.2.1-1.diff.gz
qt4-x11_4.2.1-1.dsc
  to pool/main/q/qt4-x11/qt4-x11_4.2.1-1.dsc
qt4-x11_4.2.1.orig.tar.gz
  to pool/main/q/qt4-x11/qt4-x11_4.2.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 394192@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Brian Nelson <pyro@debian.org> (supplier of updated qt4-x11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Mon, 23 Oct 2006 11:59:52 -0400
Source: qt4-x11
Binary: libqt4-sql libqt4-core qt4-doc libqt4-debug libqt4-qt3support qt4-designer libqt4-dev qt4-dev-tools libqt4-gui qt4-qtconfig
Architecture: source i386 all
Version: 4.2.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Brian Nelson <pyro@debian.org>
Description: 
 libqt4-core - Qt 4 core non-GUI functionality runtime library
 libqt4-debug - Qt 4 library debugging symbols
 libqt4-dev - Qt 4 development files
 libqt4-gui - Qt 4 core GUI functionality runtime library
 libqt4-qt3support - Qt 3 compatibility library for Qt 4
 libqt4-sql - Qt 4 SQL database module
 qt4-designer - Qt 4 Designer
 qt4-dev-tools - Qt 4 development tools
 qt4-doc    - Qt 4 API documentation
 qt4-qtconfig - Qt 4 configuration tool
Closes: 394192 394351 394629
Changes: 
 qt4-x11 (4.2.1-1) unstable; urgency=high
 .
   * New upstream release
     - Fixes integer overflow in pixmap handling [CVE-2006-4811]
       (Closes: #394192)
 .
   * Install the libqtaccessiblecompatwidgets.so plugin into
     libqt4-qt3support, so that libqt4-gui does not circularly depend on
     libqt4-qt3support (Closes: #394351, #394629)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 04:18:52 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:49:14 2019; Machine Name: buxtehude
