Updated qt packages that correct two security flaws are now available.
This update has been rated as having important security impact by the Red
Hat Security Response Team.

Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window

A flaw was found in the way Qt expanded certain UTF-8 characters. It was
possible to prevent a Qt-based application from properly sanitizing
user-supplied input. This could, for example, result in a cross-site
scripting attack against the Konqueror web browser. (CVE-2007-0242)

A buffer overflow flaw was found in the way Qt expanded malformed Unicode
strings. If an application linked against Qt parsed a malicious Unicode
string, it could lead to a denial of service or possibly allow the
execution of arbitrary code. (CVE-2007-4137)

Users of Qt should upgrade to these updated packages, which contain a
backported patch to correct these issues.