Bug#417390: CVE-2007-0242, Qt UTF-8 overlong sequence decoding vulnerability

To: submit@bugs.debian.org
Subject: Bug#417390: CVE-2007-0242, Qt UTF-8 overlong sequence decoding vulnerability
From: Ana Guerrero <ana@debian.org>
Date: Mon, 2 Apr 2007 16:15:05 +0100
Message-id: <[🔎] 20070402151505.GA16579@pryan.sytes.net>
Reply-to: Ana Guerrero <ana@debian.org>, 417390@bugs.debian.org

Package: qt-x11-free
Version: 3:3.3.7-3
Severity: grave
Tags: security 
Justification: user security hole

> this is a notice about a significant bug in the Qt (3.x and 4.x) UTF 8
> decoder, that in certain cases can lead to security vulnerabilies. It causes
> XSS errors at least in Konqueror, though any KDE application that deals with
> urls or paths from untrusted locations can be affected.
>
> The issue is that the UTF8 decoder incorrectly does not reject overlong
> sequences, which can cause "/../" injection or (in the case of konqueror)
> a "<script>" tag injection.
>
> The patch was embargoed, but it leaked recently into the qt snapshots and was
> also imported into qt-copy, so you can consider it public now. Originally
> Trolltech planned to disclose this with an Qt 3.3.9 release, but it seems
> they changed their mind.


This issued has been addressed in the upload 3:3.3.7-4.

Ana

Reply to:

Follow-Ups:
- Bug#417391: marked as done (CVE-2007-0242, Qt UTF-8 overlong sequence decoding vulnerability)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#417390: marked as done (CVE-2007-0242, Qt UTF-8 overlong sequence decoding vulnerability)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#417314: FTBFS with GCC 4.3: missing #includes
Next by Date: Bug#417394: Possible UTF-8 overlong sequence decoding vulnerability
Previous by thread: Bug#417314: FTBFS with GCC 4.3: missing #includes
Next by thread: Bug#417391: marked as done (CVE-2007-0242, Qt UTF-8 overlong sequence decoding vulnerability)
Index(es):
- Date
- Thread