Bug 187465 - x11-libs/qt-3: possible remote code execution (CVE-2007-3388)
Bug#: 187465 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: DUPLICATE Assigned To: security@gentoo.org Reported By: meax@huicht.org
Component: Vulnerabilities
URL:  https://rhn.redhat.com/errata/RHSA-2007-0721.html
Summary: x11-libs/qt-3: possible remote code execution (CVE-2007-3388)
Keywords:  
Status Whiteboard: 
Opened: 2007-08-02 06:52 0000
Description:
"... Several format string flaws were found in Qt error message handling. If an
application linked against Qt created an error message from user supplied
data in a certain way, it could lead to a denial of service or possibly
allow the execution of arbitrary code. (CVE-2007-3388) ..."
from https://rhn.redhat.com/errata/RHSA-2007-0721.html

Trolltech advisory:
http://trolltech.com/company/newsroom/announcements/press.2007-07-27.7503755960

patch:
http://dist.trolltech.com/developer/download/170529.diff

thanks.

------- Comment #1 From Carsten Lohrke 2007-08-02 16:47:26 0000 -------
To quote Dirk Müller from the KDE packager list:

> In case you've missed it: I've added a patch for Qt4 as well to qt-copy. While
> TT claims that none of those are exploitable, I disagree and believe that
> some of them are indeed possible to exploit (though only in uninteresting
> ways as far as I investigated).

So qt-3.3.8-r3 and qt-4.3.0-r1 are in CVS now. Please go for it, arch teams.

------- Comment #2 From Caleb Tennis 2007-08-02 16:52:08 0000 -------
I thought there was already an open bug on this...

Anyway, arch teams note that the patch only modifies some debugging output
statements via qWarning calls, so this should have absolutely no impact on
stability whatsoever.
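
Added example, not part of the bug report and not the Trolltech patch: the format-string pattern described in the quoted advisory next to the hardened `"%s"` form that such a fix to `qWarning` calls would use. `warn_fmt()` is a hypothetical stand-in for a printf-style logger like `qWarning(const char *, ...)`, and the sample input is constructed.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Hypothetical stand-in for a printf-style logger such as qWarning(const char *, ...).
// It returns the rendered message instead of printing it so the result can be checked.
static std::string warn_fmt(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    std::vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    return std::string(buf);
}

// Flawed pattern: untrusted text is handed over as the format string itself.
std::string report_unsafe(const std::string &user_text)
{
    return warn_fmt(user_text.c_str());
}

// Hardened pattern: constant format string, untrusted text only as an argument.
std::string report_safe(const std::string &user_text)
{
    return warn_fmt("%s", user_text.c_str());
}

// True when the logger interpreted the input instead of copying it verbatim.
bool input_was_interpreted(const std::string &rendered, const std::string &user_text)
{
    return rendered != user_text;
}

int main()
{
    // Constructed sample input. "%%" is a conversion that consumes no argument,
    // so it shows format interpretation without undefined behaviour.
    const std::string sample = "load 100%% done";
    std::printf("unsafe: %s\n", report_unsafe(sample).c_str());
    std::printf("safe:   %s\n", report_safe(sample).c_str());
    std::printf("interpreted by unsafe call: %d\n",
                input_was_interpreted(report_unsafe(sample), sample));
    return 0;
}
```

Declaring a logger like this with `__attribute__((format(printf, 1, 2)))` lets GCC and Clang flag the unsafe call form under `-Wformat-security`.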

------- Comment #3 From Carsten Lohrke 2007-08-02 17:13:52 0000 -------
(In reply to comment #2)
> I thought there was already an open bug on this...

There is - once again restricted!? The issue was on the packager list on Monday
and in the public for at least 30 hours, so I thought you did not have the time
and went ahead. :)

------- Comment #4 From Caleb Tennis 2007-08-02 17:16:27 0000 -------
You're right, I didn't, so it's no problem.  :)

I just seem to remember it being a dupe.

------- Comment #5 From Pierre-Yves Rofes 2007-08-02 18:19:44 0000 -------

*** This bug has been marked as a duplicate of bug 185446 ***