rev 15367 - in trunk/packages/qt4-x11/debian: . patches

Fathi Boudra fabo at alioth.debian.org
Sat Jul 25 09:28:12 UTC 2009


Author: fabo
Date: 2009-07-25 09:28:11 +0000 (Sat, 25 Jul 2009)
New Revision: 15367

Added:
   trunk/packages/qt4-x11/debian/patches/06_CVE-2009-1725.diff
Modified:
   trunk/packages/qt4-x11/debian/changelog
   trunk/packages/qt4-x11/debian/patches/series
Log:
Add patch to fix CVE-2009-1725 (Closes: #538347)


Modified: trunk/packages/qt4-x11/debian/changelog
===================================================================
--- trunk/packages/qt4-x11/debian/changelog	2009-07-25 06:48:23 UTC (rev 15366)
+++ trunk/packages/qt4-x11/debian/changelog	2009-07-25 09:28:11 UTC (rev 15367)
@@ -1,10 +1,18 @@
 qt4-x11 (4:4.5.2-2) UNRELEASED; urgency=low
 
+  +++ Changes by Fathi Boudra:
+
+  * Add patch to fix CVE-2009-1725 (Closes: #538347):
+    WebKit in Apple Safari before 4.0.2 does not properly handle numeric
+    character references, which allows remote attackers to execute
+    arbitrary code or cause a denial of service (memory corruption and
+    application crash) via a crafted HTML document.
+
   +++ Changes by Sune Vuorela:
 
   * Add qt4-dev-tools to -demo recommends just like qt4-doc to make it possible
     to actually use the documentation from the demo application. 
-    (Closes: 536558)
+    (Closes: #536558)
 
   +++ Changes by Modestas Vainius:
 
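Review bot: The entry header kept as context still reads urgency=low, while the text added under it describes remote arbitrary code execution via a crafted HTML document. Consider raising the urgency for the upload that carries this fix. The new entry also repeats the CVE wording about Apple Safari without saying that the patched code is Qt's bundled copy under src/3rdparty/webkit. Naming that in the entry would tell readers why a Safari CVE is closed in this package. The change from (Closes: 536558) to (Closes: #536558) in Sune Vuorela's entry is unrelated to the security fix and would be easier to trace as a separate commit.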

Added: trunk/packages/qt4-x11/debian/patches/06_CVE-2009-1725.diff
===================================================================
--- trunk/packages/qt4-x11/debian/patches/06_CVE-2009-1725.diff	                        (rev 0)
+++ trunk/packages/qt4-x11/debian/patches/06_CVE-2009-1725.diff	2009-07-25 09:28:11 UTC (rev 15367)
@@ -0,0 +1,24 @@
+--- a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
++++ b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
+@@ -867,7 +867,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
+                     }
+                 } else {
+                     // FIXME: We should eventually colorize entities by sending them as a special token.
+-                    checkBuffer(11);
++                    // 12 bytes required: up to 10 bytes in m_cBuffer plus the
++                    // leading '&' and trailing ';'
++                    checkBuffer(12);
+                     *dest++ = '&';
+                     for (unsigned i = 0; i < cBufferPos; i++)
+                         dest[i] = m_cBuffer[i];
+@@ -878,7 +880,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
+                     }
+                 }
+             } else {
+-                checkBuffer(10);
++                // 11 bytes required: up to 10 bytes in m_cBuffer plus the
++                // leading '&'
++                checkBuffer(11);
+                 // ignore the sequence, add it to the buffer as plaintext
+                 *dest++ = '&';
+                 for (unsigned i = 0; i < cBufferPos; i++)
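
Review bot: In both inner hunks the value passed to checkBuffer is a bare literal (12 and 11) that is correct only while the comment's claim of "up to 10 bytes in m_cBuffer" holds, whereas the copy loop that follows is bounded by cBufferPos. Nothing visible here ties the literal to the size of m_cBuffer, so a later change to that buffer would silently bring back the same one-short reservation. Consider deriving the argument from the buffer's declared size or from cBufferPos (plus 2 in the first hunk for '&' and ';', plus 1 in the second for '&') instead of hard-coding it. Separately, 06_CVE-2009-1725.diff starts directly at the "--- a/src/3rdparty/webkit/..." line with no header. A short description and a pointer to where the fix came from would let the next maintainer check it against upstream when the bundled WebKit is updated.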

Modified: trunk/packages/qt4-x11/debian/patches/series
===================================================================
--- trunk/packages/qt4-x11/debian/patches/series	2009-07-25 06:48:23 UTC (rev 15366)
+++ trunk/packages/qt4-x11/debian/patches/series	2009-07-25 09:28:11 UTC (rev 15367)
@@ -16,6 +16,7 @@
 03_launch_moc-qt4.diff
 04_launch_uic-qt4.diff
 05_append_qt4_target.diff
+06_CVE-2009-1725.diff
 07_trust_dpkg-arch_over_uname-m.diff
 09_qmake_lflags_as-needed.diff
 10_config_tests_fixes.diff



