Bug#417390: CVE-2007-0242, Qt UTF-8 overlong sequence decoding vulnerability
Package: qt-x11-free
Version: 3:3.3.7-3
Severity: grave
Tags: security
Justification: user security hole
> this is a notice about a significant bug in the Qt (3.x and 4.x) UTF 8
> decoder, that in certain cases can lead to security vulnerabilies. It causes
> XSS errors at least in Konqueror, though any KDE application that deals with
> urls or paths from untrusted locations can be affected.
>
> The issue is that the UTF8 decoder incorrectly does not reject overlong
> sequences, which can cause "/../" injection or (in the case of konqueror)
> a "<script>" tag injection.
>
> The patch was embargoed, but it leaked recently into the qt snapshots and was
> also imported into qt-copy, so you can consider it public now. Originally
> Trolltech planned to disclose this with an Qt 3.3.9 release, but it seems
> they changed their mind.
This issued has been addressed in the upload 3:3.3.7-4.
Ana
Reply to: