-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:075 http://www.mandriva.com/security/ _______________________________________________________________________ Package : qt4 Date : April 3, 2007 Affected: 2007.0 _______________________________________________________________________ Problem Description: Andreas Nolden discover a bug in qt4, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "