Debian Bug report logs - #394313
kdelibs: CVE-2006-4811

Package: qt-x11-free; Maintainer for qt-x11-free is Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>;

Reported by: Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>

Date: Fri, 20 Oct 2006 16:58:51 UTC

Severity: grave

Tags: security

Fixed in version qt-x11-free/3:3.3.7-1

Done: Christopher Martin <chrsmrtn@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#394313; Package kdelibs.

Acknowledgement sent to Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kdelibs: CVE-2006-4811
Date: Fri, 20 Oct 2006 18:39:45 +0200
Package: kdelibs
Version: 4:3.5.5a.dfsg.1-1
Severity: grave
Tags: security
Justification: security hole


Hi,

here is the problem:

http://rhn.redhat.com/errata/RHSA-2006-0720.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:186


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (100, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages kdelibs depends on:
ii  kdelibs-data           4:3.5.5a.dfsg.1-1 core shared data for all KDE appli
ii  kdelibs4c2a            4:3.5.5a.dfsg.1-1 core libraries and binaries for al

kdelibs recommends no packages.

-- no debconf information



Bug reassigned from package `kdelibs' to `qt-x11-free'. Request was from Noah Meyerhans <noahm@debian.org> to control@bugs.debian.org.

Reply sent to Christopher Martin <chrsmrtn@debian.org>:
You have taken responsibility.

Notification sent to Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>:
Bug acknowledged by developer.

Message #12 received at 394313-close@bugs.debian.org:

From: Christopher Martin <chrsmrtn@debian.org>
To: 394313-close@bugs.debian.org
Subject: Bug#394313: fixed in qt-x11-free 3:3.3.7-1
Date: Sat, 21 Oct 2006 10:22:05 -0700
Source: qt-x11-free
Source-Version: 3:3.3.7-1

We believe that the bug you reported is fixed in the latest version of
qt-x11-free, which is due to be installed in the Debian FTP archive:

libqt3-compat-headers_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-1_i386.deb
libqt3-headers_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/libqt3-headers_3.3.7-1_i386.deb
libqt3-i18n_3.3.7-1_all.deb
  to pool/main/q/qt-x11-free/libqt3-i18n_3.3.7-1_all.deb
libqt3-mt-dev_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-1_i386.deb
libqt3-mt-ibase_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-ibase_3.3.7-1_i386.deb
libqt3-mt-mysql_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-1_i386.deb
libqt3-mt-odbc_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-1_i386.deb
libqt3-mt-psql_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-1_i386.deb
libqt3-mt-sqlite_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-1_i386.deb
libqt3-mt_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/libqt3-mt_3.3.7-1_i386.deb
qt-x11-free-dbg_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-1_i386.deb
qt-x11-free_3.3.7-1.diff.gz
  to pool/main/q/qt-x11-free/qt-x11-free_3.3.7-1.diff.gz
qt-x11-free_3.3.7-1.dsc
  to pool/main/q/qt-x11-free/qt-x11-free_3.3.7-1.dsc
qt-x11-free_3.3.7.orig.tar.gz
  to pool/main/q/qt-x11-free/qt-x11-free_3.3.7.orig.tar.gz
qt3-apps-dev_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/qt3-apps-dev_3.3.7-1_i386.deb
qt3-assistant_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/qt3-assistant_3.3.7-1_i386.deb
qt3-designer_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/qt3-designer_3.3.7-1_i386.deb
qt3-dev-tools-compat_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-1_i386.deb
qt3-dev-tools-embedded_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-1_i386.deb
qt3-dev-tools_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/qt3-dev-tools_3.3.7-1_i386.deb
qt3-doc_3.3.7-1_all.deb
  to pool/main/q/qt-x11-free/qt3-doc_3.3.7-1_all.deb
qt3-examples_3.3.7-1_all.deb
  to pool/main/q/qt-x11-free/qt3-examples_3.3.7-1_all.deb
qt3-linguist_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/qt3-linguist_3.3.7-1_i386.deb
qt3-qtconfig_3.3.7-1_i386.deb
  to pool/main/q/qt-x11-free/qt3-qtconfig_3.3.7-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 394313@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christopher Martin <chrsmrtn@debian.org> (supplier of updated qt-x11-free package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 21 Oct 2006 09:30:32 -0400
Source: qt-x11-free
Binary: libqt3-i18n qt3-apps-dev libqt3-mt-sqlite qt-x11-free-dbg qt3-assistant qt3-examples qt3-doc libqt3-headers libqt3-mt-mysql libqt3-mt libqt3-mt-odbc libqt3-compat-headers qt3-dev-tools-embedded qt3-dev-tools libqt3-mt-ibase qt3-designer qt3-linguist qt3-qtconfig qt3-dev-tools-compat libqt3-mt-dev libqt3-mt-psql
Architecture: source i386 all
Version: 3:3.3.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Christopher Martin <chrsmrtn@debian.org>
Description: 
 libqt3-compat-headers - Qt 1.x and 2.x compatibility includes
 libqt3-headers - Qt3 header files
 libqt3-i18n - i18n files for Qt3 library
 libqt3-mt  - Qt GUI Library (Threaded runtime version), Version 3
 libqt3-mt-dev - Qt development files (Threaded)
 libqt3-mt-ibase - InterBase/FireBird database driver for Qt3 (Threaded)
 libqt3-mt-mysql - MySQL database driver for Qt3 (Threaded)
 libqt3-mt-odbc - ODBC database driver for Qt3 (Threaded)
 libqt3-mt-psql - PostgreSQL database driver for Qt3 (Threaded)
 libqt3-mt-sqlite - SQLite database driver for Qt3 (Threaded)
 qt-x11-free-dbg - debugging symbols for qt-x11-free binaries
 qt3-apps-dev - Qt3 Developer applications development files
 qt3-assistant - The Qt3 assistant application
 qt3-designer - Qt3 Designer
 qt3-dev-tools - Qt3 development tools
 qt3-dev-tools-compat - Conversion utilities for Qt3 development
 qt3-dev-tools-embedded - Tools to develop embedded Qt applications
 qt3-doc    - Qt3 API documentation
 qt3-examples - Examples for Qt3
 qt3-linguist - The Qt3 Linguist
 qt3-qtconfig - The Qt3 Configuration Application
Closes: 394195 394313
Changes: 
 qt-x11-free (3:3.3.7-1) unstable; urgency=medium
 .
   * New upstream release. Includes the fix to CVE-2006-4811, an integer
     overflow that might (in theory) lead to the arbitrary execution of
     code, particularly for those using KHTML (Konqueror's page rendering
     engine). Urgency is medium as this is a security problem.
     (Closes: #394313)
 .
   * Add Hurd build patch, thanks to Cyril Brulebois. (Closes: #394195)
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Signed by Christopher Martin <chrsmrtn@debian.org>

iD8DBQFFOj6gU+gWW+vtsysRApsZAJ4ng1pwySLfmxfo2/kIDs8hhCIJfQCfRw2F
6X6xVRjR+d3m6wIO9mFanqU=
=92GB
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 15:58:09 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 23:51:18 2014; Machine Name: buxtehude.debian.org