+++ This bug was initially created as a clone of Bug #234633 +++ Andreas Nolden reported a flaw in the QT expands certain UTF8 characters. This could lead to a XSS attack withing konqueror. There is also potential for this flaw to affect other QT applications that attempt to sanitize user supplied data. The example supplied by the KDE security team would be the ability to inject /../ characters into a filename. -- Additional comment from bressers on 2007-03-30 14:29 EST -- Created an attachment (id=151307) Patch for kjs -- Additional comment from bressers on 2007-03-30 14:30 EST -- Created an attachment (id=151310) Patch for QT 3 -- Additional comment from bressers on 2007-03-30 14:32 EST -- Created an attachment (id=151312) Patch for QT4
This should also affect FC5
it's fixed in qt-3_3_8-1_fc6_1