Security fix for Qt (3.3, 4.1 and 4.2)

Bug #67475 reported by IndigoJo
254
Affects Status Importance Assigned to Milestone
qt-x11-free (Debian)
Fix Released
Unknown
qt-x11-free (Ubuntu)
Fix Released
Undecided
Unassigned
qt4-x11 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Trolltech has released three new versions of Qt, containing a security patch which prevents the system being compromised when transforming specially prepared pixmaps from untrusted sources. The new versions are 3.3.7, 4.1.5 and 4.2.1 and are recommended upgrades.

Note: the original reporter indicated the bug was in package 'libqt3'; however, that package was not published in Ubuntu.

CVE References

Changed in qt-x11-free:
status: Unknown → Fix Released
Revision history for this message
Kai Kasurinen (kai-kasurinen) wrote :

qt-x11-free (3:3.3.6-3ubuntu3) edgy; urgency=low

  * SECURITY UPDATE: integer overflow flaw
  * An integer overflow flaw was discovered in the way Qt 3.x and 4.x handles
    pixmap images. This issue can occur when transforming
    specially prepared images from untrusted sources.
  * Add kubuntu_05_CVE-2006-4811-qt3_pixmap.dpatch fix
  * References:
   - CVE-2006-4811
   - http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733

 -- Jonathan Riddell <email address hidden> Fri, 20 Oct 2006 16:50:19 +0100

Changed in qt-x11-free:
status: Unconfirmed → Fix Released
Revision history for this message
Kai Kasurinen (kai-kasurinen) wrote :

qt4-x11 (4.2.0-1ubuntu6) edgy; urgency=low

  * SECURITY UPDATE: integer overflow flaw
  * An integer overflow flaw was discovered in the way Qt 3.x and 4.x handles
    pixmap images. This issue can occur when transforming
    specially prepared images from untrusted sources.
  * Add kubuntu_05_CVE-2006-4811-qt3_pixmap.dpatch fix
  * References:
   - CVE-2006-4811
   - http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733

 -- Jonathan Riddell <email address hidden> Fri, 20 Oct 2006 18:20:13 +0100

Changed in qt4-x11:
status: Unconfirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.