PublicDateAtUSN: 2012-06-15
Candidate: CVE-2011-3193
PublicDate: 2012-06-16 00:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3193
 http://www.openwall.com/lists/oss-security/2011/08/24/8
 https://ubuntu.com/security/notices/USN-1504-1
Description:
 Heap-based buffer overflow in the Lookup_MarkMarkPos function in the
 HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango,
 allows remote attackers to cause a denial of service (crash) and possibly
 execute arbitrary code via a crafted font file.
Ubuntu-Description: 
Notes:
 jdstrand> Ubuntu 11.10 and higher are not affected
Bugs: 
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_qt4-x11:
 other: http://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c
upstream_qt4-x11: released (4.7.4)
hardy_qt4-x11: ignored (reached end-of-life)
lucid_qt4-x11: released (4:4.6.2-0ubuntu5.4)
maverick_qt4-x11: ignored (reached end-of-life)
natty_qt4-x11: released (4:4.7.2-0ubuntu6.4)
oneiric_qt4-x11: not-affected (4:4.7.4-0ubuntu8.1)
precise_qt4-x11: not-affected
devel_qt4-x11: not-affected