Debian Security Advisory
DLA-117-1 qt4-x11 -- LTS security update
- Date Reported: 21 Dec 2014
- Affected Packages: qt4-x11
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2011-3193, CVE-2011-3194.
- More information:
- CVE-2011-3193
Check for buffer overflow in Lookup_MarkMarkPos that may cause crash in this function with certain fonts.
- CVE-2011-3194
Fix tiff reader to handle TIFFTAG_SAMPLESPERPIXEL for grayscale images. The reader uses QImage::Format_Indexed8, but given the samples per pixel value the format should be the (non-existent) QImage::Format_Indexed16, and this mismatch causes memory corruption. The fix falls back to the "normal" way of reading TIFF images.
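The kind of check behind the CVE-2011-3194 fix, as an added C illustration (not Qt's code and not part of the advisory): the direct 8-bit indexed path is taken only when one scanline exactly fits the destination row, and everything else goes to the generic reader. The struct, function names and sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified view of the tags a TIFF reader consults. */
struct tiff_tags {
    uint32_t width;
    uint16_t bits_per_sample;
    uint16_t samples_per_pixel;
    int grayscale;               /* photometric is min-is-black/white */
};

enum read_path { PATH_INDEXED8_DIRECT, PATH_GENERIC_FALLBACK };

/* Bytes in one decoded scanline; 0 if the size does not fit in size_t. */
size_t scanline_bytes(const struct tiff_tags *t)
{
    uint64_t bits = (uint64_t)t->width * t->bits_per_sample * t->samples_per_pixel;
    uint64_t bytes = (bits + 7) / 8;
    return bytes > SIZE_MAX ? 0 : (size_t)bytes;
}

/* The 8-bit indexed row holds exactly one byte per pixel, so the direct
   path is valid only for 8 bits per sample AND one sample per pixel. */
enum read_path choose_path(const struct tiff_tags *t)
{
    if (t->grayscale && t->bits_per_sample == 8 && t->samples_per_pixel == 1)
        return PATH_INDEXED8_DIRECT;
    return PATH_GENERIC_FALLBACK;
}

/* Copy one scanline into an indexed-8 row; refuse (-1) unless the
   scanline exactly fits the destination and the source is long enough. */
int copy_row_indexed8(const struct tiff_tags *t, const uint8_t *src,
                      size_t src_len, uint8_t *dst, size_t dst_len)
{
    size_t need = scanline_bytes(t);
    if (choose_path(t) != PATH_INDEXED8_DIRECT)
        return -1;
    if (need == 0 || need != dst_len || src_len < need)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

int main(void)
{
    /* Constructed sample: 4-pixel grayscale row with 2 samples per pixel. */
    struct tiff_tags t = {4, 8, 2, 1};
    uint8_t src[8] = {0}, row[4] = {0};
    /* Expect refusal: 8 scanline bytes do not fit a 4-byte indexed row. */
    return copy_row_indexed8(&t, src, sizeof src, row, sizeof row) == -1 ? 0 : 1;
}
```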
For Debian 6 "Squeeze", these issues have been fixed in qt4-x11 version 4:4.6.3-4+squeeze2.