-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:074 http://www.mandriva.com/security/ _______________________________________________________________________ Package : qt3 Date : April 3, 2007 Affected: 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Andreas Nolden discover a bug in qt3, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "