Security fix for Qt (3.3, 4.1 and 4.2)

Bug #67475 reported by IndigoJo on 2006-10-22
254
Affects Status Importance Assigned to Milestone
qt-x11-free (Debian)
Fix Released
Unknown
qt-x11-free (Ubuntu)
Undecided
Unassigned
qt4-x11 (Ubuntu)
Undecided
Unassigned

Bug Description

Trolltech has released three new versions of Qt, containing a security patch which prevents the system being compromised when transforming specially prepared pixmaps from untrusted sources. The new versions are 3.3.7, 4.1.5 and 4.2.1 and are recommended upgrades.

Note: the original reporter indicated the bug was in package 'libqt3'; however, that package was not published in Ubuntu.

CVE References

Changed in qt-x11-free:
status: Unknown → Fix Released
Kai Kasurinen (kai-kasurinen) wrote :

qt-x11-free (3:3.3.6-3ubuntu3) edgy; urgency=low

  * SECURITY UPDATE: integer overflow flaw
  * An integer overflow flaw was discovered in the way Qt 3.x and 4.x handles
    pixmap images. This issue can occur when transforming
    specially prepared images from untrusted sources.
  * Add kubuntu_05_CVE-2006-4811-qt3_pixmap.dpatch fix
  * References:
   - CVE-2006-4811
   - http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733

 -- Jonathan Riddell <email address hidden> Fri, 20 Oct 2006 16:50:19 +0100

Changed in qt-x11-free:
status: Unconfirmed → Fix Released
Kai Kasurinen (kai-kasurinen) wrote :

qt4-x11 (4.2.0-1ubuntu6) edgy; urgency=low

  * SECURITY UPDATE: integer overflow flaw
  * An integer overflow flaw was discovered in the way Qt 3.x and 4.x handles
    pixmap images. This issue can occur when transforming
    specially prepared images from untrusted sources.
  * Add kubuntu_05_CVE-2006-4811-qt3_pixmap.dpatch fix
  * References:
   - CVE-2006-4811
   - http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733

 -- Jonathan Riddell <email address hidden> Fri, 20 Oct 2006 18:20:13 +0100

Changed in qt4-x11:
status: Unconfirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.