qt4-x11 - several vulnerabilities

Several vulnerabilities have been discovered in qt4-x11, a cross-platform
C++ application framework.
The Common Vulnerabilities and Exposures project identifies the
following problems:

• CVE-2009-0945
  Array index error in the insertItemBefore method in WebKit, as used in qt4-x11,
  allows remote attackers to execute arbitrary code.
• CVE-2009-1687
  The JavaScript garbage collector in WebKit, as used in qt4-x11 does not
  properly handle allocation failures, which allows remote attackers to
  execute arbitrary code or cause a denial of service (memory corruption
  and application crash) via a crafted HTML document that triggers write
  access to an "offset of a NULL pointer.
• CVE-2009-1690
  Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote
  attackers to execute arbitrary code or cause a denial of service (memory
  corruption and application crash) by setting an unspecified property of
  an HTML tag that causes child elements to be freed and later accessed
  when an HTML error occurs.
• CVE-2009-1698
  WebKit in qt4-x11 does not initialize a pointer during handling of a
  Cascading Style Sheets (CSS) attr function call with a large numerical
  argument, which allows remote attackers to execute arbitrary code or
  cause a denial of service (memory corruption and application crash) via
  a crafted HTML document.
• CVE-2009-1699
  The XSL stylesheet implementation in WebKit, as used in qt4-x11 does
  not properly handle XML external entities, which allows remote attackers to read
  arbitrary files via a crafted DTD.
• CVE-2009-1711
  WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects,
  which allows remote attackers to execute arbitrary code or cause a denial
  of service (application crash) via a crafted HTML document.
• CVE-2009-1712
  WebKit in qt4-x11 does not prevent remote loading of local Java applets,
  which allows remote attackers to execute arbitrary code, gain privileges, or
  obtain sensitive information via an APPLET or OBJECT element.
• CVE-2009-1713
  The XSLT functionality in WebKit, as used in qt4-x11 does not properly
  implement the document function, which allows remote attackers to read
  arbitrary local files and files from different security zones.
• CVE-2009-1725
  WebKit in qt4-x11 does not properly handle numeric character references,
  which allows remote attackers to execute arbitrary code or cause a
  denial of service (memory corruption and application crash) via a
  crafted HTML document.
• CVE-2009-2700
  qt4-x11 does not properly handle a ‘\0’ character in a domain name in the
  Subject Alternative Name field of an X.509 certificate, which allows
  man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
  certificate issued by a legitimate Certification Authority.

The oldstable distribution (etch) is not affected by these problems.

For the stable distribution (lenny), these problems have been fixed in
version 4.4.3-1+lenny1.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 4.5.3-1.

We recommend that you upgrade your qt4-x11 packages.