Bug#442780: marked as done (CVE-2007-4137: buffer overflow in QUtf8Decoder)
Your message dated Mon, 17 Sep 2007 22:02:39 +0000
with message-id <E1IXOfv-0007rY-Ry@ries.debian.org>
and subject line Bug#442780: fixed in qt-x11-free 3:3.3.7-8
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libqt3-mt
Version: 3:3.3.7-7
Severity: grave
Tags: security patch
Justification: user security hole
A buffer overflow has been found in QUtf8Decoder in QT.
See
http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119
for more info and a patch. Please mention the CVE id in the changelog.
--- End Message ---
--- Begin Message ---
Source: qt-x11-free
Source-Version: 3:3.3.7-8
We believe that the bug you reported is fixed in the latest version of
qt-x11-free, which is due to be installed in the Debian FTP archive:
libqt3-compat-headers_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-8_i386.deb
libqt3-headers_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/libqt3-headers_3.3.7-8_i386.deb
libqt3-i18n_3.3.7-8_all.deb
to pool/main/q/qt-x11-free/libqt3-i18n_3.3.7-8_all.deb
libqt3-mt-dev_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-8_i386.deb
libqt3-mt-ibase_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/libqt3-mt-ibase_3.3.7-8_i386.deb
libqt3-mt-mysql_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-8_i386.deb
libqt3-mt-odbc_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-8_i386.deb
libqt3-mt-psql_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-8_i386.deb
libqt3-mt-sqlite_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-8_i386.deb
libqt3-mt_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/libqt3-mt_3.3.7-8_i386.deb
qt-x11-free-dbg_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-8_i386.deb
qt-x11-free_3.3.7-8.diff.gz
to pool/main/q/qt-x11-free/qt-x11-free_3.3.7-8.diff.gz
qt-x11-free_3.3.7-8.dsc
to pool/main/q/qt-x11-free/qt-x11-free_3.3.7-8.dsc
qt3-apps-dev_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/qt3-apps-dev_3.3.7-8_i386.deb
qt3-assistant_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/qt3-assistant_3.3.7-8_i386.deb
qt3-designer_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/qt3-designer_3.3.7-8_i386.deb
qt3-dev-tools-compat_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-8_i386.deb
qt3-dev-tools-embedded_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-8_i386.deb
qt3-dev-tools_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/qt3-dev-tools_3.3.7-8_i386.deb
qt3-doc_3.3.7-8_all.deb
to pool/main/q/qt-x11-free/qt3-doc_3.3.7-8_all.deb
qt3-examples_3.3.7-8_all.deb
to pool/main/q/qt-x11-free/qt3-examples_3.3.7-8_all.deb
qt3-linguist_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/qt3-linguist_3.3.7-8_i386.deb
qt3-qtconfig_3.3.7-8_i386.deb
to pool/main/q/qt-x11-free/qt3-qtconfig_3.3.7-8_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 442780@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sune Vuorela <debian@pusling.com> (supplier of updated qt-x11-free package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 16 Sep 2007 23:13:32 +0200
Source: qt-x11-free
Binary: libqt3-i18n qt3-apps-dev libqt3-mt-sqlite qt-x11-free-dbg qt3-assistant qt3-examples qt3-doc libqt3-headers libqt3-mt-mysql libqt3-mt libqt3-mt-odbc libqt3-compat-headers qt3-dev-tools-embedded qt3-dev-tools libqt3-mt-ibase qt3-designer qt3-linguist qt3-qtconfig qt3-dev-tools-compat libqt3-mt-dev libqt3-mt-psql
Architecture: source i386 all
Version: 3:3.3.7-8
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Sune Vuorela <debian@pusling.com>
Description:
libqt3-compat-headers - Qt 1.x and 2.x compatibility includes
libqt3-headers - Qt3 header files
libqt3-i18n - i18n files for Qt3 library
libqt3-mt - Qt GUI Library (Threaded runtime version), Version 3
libqt3-mt-dev - Qt development files (Threaded)
libqt3-mt-ibase - InterBase/FireBird database driver for Qt3 (Threaded)
libqt3-mt-mysql - MySQL database driver for Qt3 (Threaded)
libqt3-mt-odbc - ODBC database driver for Qt3 (Threaded)
libqt3-mt-psql - PostgreSQL database driver for Qt3 (Threaded)
libqt3-mt-sqlite - SQLite database driver for Qt3 (Threaded)
qt-x11-free-dbg - debugging symbols for qt-x11-free binaries
qt3-apps-dev - Qt3 Developer applications development files
qt3-assistant - The Qt3 assistant application
qt3-designer - Qt3 Designer
qt3-dev-tools - Qt3 development tools
qt3-dev-tools-compat - Conversion utilities for Qt3 development
qt3-dev-tools-embedded - Tools to develop embedded Qt applications
qt3-doc - Qt3 API documentation
qt3-examples - Examples for Qt3
qt3-linguist - The Qt3 Linguist
qt3-qtconfig - The Qt3 Configuration Application
Closes: 442780
Changes:
qt-x11-free (3:3.3.7-8) unstable; urgency=low
.
* Add patch for utf8 parser decoder overflow. CVE-2007-4137
(Closes: #442780). Thanks to Dirk Mueller for the patch and Stefan Fritsch
for noticing it.
Files:
3362c82e14e97d1b0f965c5dac326140 1812 libs optional qt-x11-free_3.3.7-8.dsc
af66b43201dd91e97e6dc672c7956e4c 237795 libs optional qt-x11-free_3.3.7-8.diff.gz
54fa7010be527b11a8b0e0dc2affbd1f 129170 libs optional libqt3-i18n_3.3.7-8_all.deb
d738bf6c25faa554c00ff270344af122 5614376 doc extra qt3-doc_3.3.7-8_all.deb
62b64a38de15aed057f8dcc858b587d5 1552136 doc extra qt3-examples_3.3.7-8_all.deb
4b32f3c29e892644f1ab67ee71dcb86e 3293408 libs optional libqt3-mt_3.3.7-8_i386.deb
44b90a7520f3370f510dc2ef29c54970 49788 libs optional libqt3-mt-mysql_3.3.7-8_i386.deb
9f2d2da8d6e7fec1b27dba2c360e673d 71662 libs optional libqt3-mt-odbc_3.3.7-8_i386.deb
48db005c17b92d0d78df38d3cb87a026 55606 libs optional libqt3-mt-psql_3.3.7-8_i386.deb
2cf2a5878a47238f490059ee0c92846d 56240 libs optional libqt3-mt-ibase_3.3.7-8_i386.deb
c4674a4691a7f1b04aeec9eada2fef23 198652 libs optional libqt3-mt-sqlite_3.3.7-8_i386.deb
19d42c0a84c30068e0aa65cec2079e6a 47662 libdevel optional libqt3-mt-dev_3.3.7-8_i386.deb
b7d2b49c07b4d534ae0846929de341be 364490 devel optional libqt3-headers_3.3.7-8_i386.deb
fcb59bede097923286484dd09a26dfbb 77484 devel optional libqt3-compat-headers_3.3.7-8_i386.deb
601b575b25c375501ab31e230cdddadf 1241526 devel optional qt3-dev-tools_3.3.7-8_i386.deb
68ef552c560e715d93e0b06f012f8007 4097078 devel optional qt3-designer_3.3.7-8_i386.deb
6f9d0984476452ced2b4590e1bc91cbc 2391144 devel optional qt3-apps-dev_3.3.7-8_i386.deb
b8ebcf9de074df3e881bca30b05cea2b 345680 devel optional qt3-linguist_3.3.7-8_i386.deb
6ffda7153edad24369887c9dbf378ec8 242820 x11 optional qt3-assistant_3.3.7-8_i386.deb
fa4550e6f433f681e1e91d5a559d5c52 97504 x11 optional qt3-qtconfig_3.3.7-8_i386.deb
452f347230b6d873549074ef0a04ab17 289180 devel optional qt3-dev-tools-embedded_3.3.7-8_i386.deb
af779dd0e383dd95c1aa13ae97320ee3 67766 devel optional qt3-dev-tools-compat_3.3.7-8_i386.deb
f50e85d9419957ed8c7c4b0e941d6587 64533648 libdevel extra qt-x11-free-dbg_3.3.7-8_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Adeodato Simó <dato@net.com.org.es>
iEYEARECAAYFAkbu4CoACgkQgyNlRdHEGILJxwCeOH5LrWoSLOIv4l/9w6juUBVg
lXwAoNu6gI1lVi9QR85SNo7XJEKCJdbn
=ECwb
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: