Mandriva Linux Security Advisory MDKSA-2007:075
http://www.mandriva.com/security/
_______________________________________________________________________

Package : qt4
Date : April 3, 2007
Affected: 2007.0
_______________________________________________________________________

Problem Description:

Andreas Nolden discovered a bug in qt4, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "<script>" tag injection.

Updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242

qt3 is affected as well.

http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0123.html
QT please advise.
Woops we already have a bug for this one.

*** This bug has been marked as a duplicate of bug 172746 ***