[sflack-security] qt (SFSA:2007-093-03)

[sflack-security]  qt (SFSA:2007-093-03)

New qt packages are available for Sflack 11.0, and -current to
fix a security issue.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/qt-3.3.8-x86_64-1_sflack11.0.tgz:
Patched an issue where the Qt UTF 8 decoder may in some instances fail to
reject overlong sequences, possibly allowing "/../" path injection or XSS
errors.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/qt-3.3.8-x86_64-1_sflack11.0.tgz

Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/l/qt-3.3.8-x86_64-3.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
8beb35bec98076228cfa2bae96f0bfdd qt-3.3.8-x86_64-1_sflack11.0.tgz

Sflack -current package:
17c491c24c05b854e20fc98fe2584744 qt-3.3.8-x86_64-3.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg qt-3.3.8-x86_64-1_sflack11.0.tgz


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com