rev 7231 - in trunk/packages/qt-x11-free/debian: . patches
Sune Vuorela
pusling-guest at alioth.debian.org
Mon Sep 17 10:06:43 UTC 2007
Author: pusling-guest
Date: 2007-09-17 10:06:42 +0000 (Mon, 17 Sep 2007)
New Revision: 7231
Added:
trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch
Modified:
trunk/packages/qt-x11-free/debian/changelog
trunk/packages/qt-x11-free/debian/patches/00list
Log:
add patch for cve-2007-4137
Modified: trunk/packages/qt-x11-free/debian/changelog
===================================================================
--- trunk/packages/qt-x11-free/debian/changelog 2007-09-17 10:06:23 UTC (rev 7230)
+++ trunk/packages/qt-x11-free/debian/changelog 2007-09-17 10:06:42 UTC (rev 7231)
@@ -1,3 +1,11 @@
+qt-x11-free (3:3.3.7-8) unstable; urgency=low
+
+ * Add patch for utf8 parser decoder overflow. CVE-2007-4137
+ (Closes: #442780). Thanks to Dirk Mueller for the patch and Stefan Fritsch
+ for noticing it.
+
+ -- Sune Vuorela <debian at pusling.com> Sun, 16 Sep 2007 23:13:32 +0200
+
qt-x11-free (3:3.3.7-7) unstable; urgency=low
* Updating Qt3 to build against firebird2. Many thanks to Damyan Ivanov for
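Review bot: the new entry header `qt-x11-free (3:3.3.7-8) unstable; urgency=low` gives low urgency to an upload whose only listed change is the CVE-2007-4137 fix. A higher urgency would shorten the delay before the fixed package migrates to testing. In the description line, "utf8 parser decoder overflow" reads as if two alternative words were both left in; "UTF-8 decoder overflow" would be clearer.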
Modified: trunk/packages/qt-x11-free/debian/patches/00list
===================================================================
--- trunk/packages/qt-x11-free/debian/patches/00list 2007-09-17 10:06:23 UTC (rev 7230)
+++ trunk/packages/qt-x11-free/debian/patches/00list 2007-09-17 10:06:42 UTC (rev 7231)
@@ -48,3 +48,4 @@
69_CVE-2007-3388
70_bad_typecast_amd64
90_armeabi
+71_utf8overflow_cve_CVE-2007-4137.dpatch
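Review bot: the added line `71_utf8overflow_cve_CVE-2007-4137.dpatch` is appended after `90_armeabi`, so the list is no longer in numeric order and patch 71 is applied last rather than between `70_bad_typecast_amd64` and `90_armeabi`. It also carries a `.dpatch` suffix, while the neighbouring entries visible here do not. Suggest moving it directly after `70_bad_typecast_amd64` and writing it in the same form as the other entries.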
Added: trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch
===================================================================
--- trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch (rev 0)
+++ trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch 2007-09-17 10:06:42 UTC (rev 7231)
@@ -0,0 +1,16 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 71_utf8overflow_cve_CVE-2007-4137.dpatchh by
+## http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119
+## - patch by Dirk Mueller
+
+--- qt-x11-free/src/codecs/qutfcodec.cpp
++++ qt-x11-free/src/codecs/qutfcodec.cpp
+@@ -165,7 +165,7 @@ public:
+ QString toUnicode(const char* chars, int len)
+ {
+ QString result;
+- result.setLength( len ); // worst case
++ result.setLength( len + 1 ); // worst case
+ QChar *qch = (QChar *)result.unicode();
+ uchar ch;
+ int error = -1;
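Review bot: on the changed line `result.setLength( len + 1 ); // worst case` the comment is carried over unchanged, so nothing in the code says why the worst case is `len + 1` QChars rather than `len`. The write that needs the extra slot is not visible in this hunk. A short comment naming the input case that produces the additional output character would stop a later cleanup from reverting the bound. In the dpatch header, `71_utf8overflow_cve_CVE-2007-4137.dpatchh by` has a doubled "h" and no author after "by", and there are no `## DP:` description lines, so the patch has no machine-readable summary. The author credit on the `## - patch by Dirk Mueller` line could move up to the "by" line.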
Property changes on: trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch
___________________________________________________________________
Name: svn:executable
+ *