Trolltech Provides Security Patch to Qt 3.3.8, Addressing Potential Vulnerability

Oslo, 27 July - 2007

A potential vulnerability has been identified in QTextEdit for Qt 3.
We recommend users of this component to apply workaround measures provided.

Qt 3 has a potential vulnerability in QTextEdit, which might cause
remote execution when parsing maliciously crafted text from an unknown
source. This problem is not present in any version of Qt 4. To solve
the issue, apply the patch from http://www.trolltech.com/developer/download/170529.diff.

This vulnerability has been assigned CVE-2007-3388.

Thanks to Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller
of KDE for reporting this vulnerability.