rev 15367 - in trunk/packages/qt4-x11/debian: . patches
Fathi Boudra
fabo at alioth.debian.org
Sat Jul 25 09:28:12 UTC 2009
Author: fabo
Date: 2009-07-25 09:28:11 +0000 (Sat, 25 Jul 2009)
New Revision: 15367
Added:
trunk/packages/qt4-x11/debian/patches/06_CVE-2009-1725.diff
Modified:
trunk/packages/qt4-x11/debian/changelog
trunk/packages/qt4-x11/debian/patches/series
Log:
Add patch to fix CVE-2009-1725 (Closes: #538347)
Modified: trunk/packages/qt4-x11/debian/changelog
===================================================================
--- trunk/packages/qt4-x11/debian/changelog 2009-07-25 06:48:23 UTC (rev 15366)
+++ trunk/packages/qt4-x11/debian/changelog 2009-07-25 09:28:11 UTC (rev 15367)
@@ -1,10 +1,18 @@
qt4-x11 (4:4.5.2-2) UNRELEASED; urgency=low
+ +++ Changes by Fathi Boudra:
+
+ * Add patch to fix CVE-2009-1725 (Closes: #538347):
+ WebKit in Apple Safari before 4.0.2 does not properly handle numeric
+ character references, which allows remote attackers to execute
+ arbitrary code or cause a denial of service (memory corruption and
+ application crash) via a crafted HTML document.
+
+++ Changes by Sune Vuorela:
* Add qt4-dev-tools to -demo recommends just like qt4-doc to make it possible
to actually use the documentation from the demo application.
- (Closes: 536558)
+ (Closes: #536558)
+++ Changes by Modestas Vainius:
Added: trunk/packages/qt4-x11/debian/patches/06_CVE-2009-1725.diff
===================================================================
--- trunk/packages/qt4-x11/debian/patches/06_CVE-2009-1725.diff (rev 0)
+++ trunk/packages/qt4-x11/debian/patches/06_CVE-2009-1725.diff 2009-07-25 09:28:11 UTC (rev 15367)
@@ -0,0 +1,24 @@
+--- a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
++++ b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
+@@ -867,7 +867,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
+ }
+ } else {
+ // FIXME: We should eventually colorize entities by sending them as a special token.
+- checkBuffer(11);
++ // 12 bytes required: up to 10 bytes in m_cBuffer plus the
++ // leading '&' and trailing ';'
++ checkBuffer(12);
+ *dest++ = '&';
+ for (unsigned i = 0; i < cBufferPos; i++)
+ dest[i] = m_cBuffer[i];
+@@ -878,7 +880,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
+ }
+ }
+ } else {
+- checkBuffer(10);
++ // 11 bytes required: up to 10 bytes in m_cBuffer plus the
++ // leading '&'
++ checkBuffer(11);
+ // ignore the sequence, add it to the buffer as plaintext
+ *dest++ = '&';
+ for (unsigned i = 0; i < cBufferPos; i++)
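Review bot: The new reservations `checkBuffer(12)` and `checkBuffer(11)` are still bare literals that depend on the capacity of `m_cBuffer` (10 bytes according to the added comments; its declaration is outside this hunk), so a later change to that buffer could bring back the same one-byte out-of-bounds write with no compiler diagnostic. Both copy loops are bounded by `cBufferPos`, so the reservation could follow what is actually written: `checkBuffer(cBufferPos + 2);` in the first branch and `checkBuffer(cBufferPos + 1);` in the second, assuming checkBuffer accepts an arbitrary length. If the literals are kept to stay identical to upstream, a compile-time assertion on the size of `m_cBuffer` next to its declaration would pin the assumption instead. The write of the trailing ';' that the first comment accounts for lies past the end of the hunk, as does the rest of the enclosing parse function. It is worth confirming against the full file that nothing else is appended to `dest` before the next checkBuffer call.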
Modified: trunk/packages/qt4-x11/debian/patches/series
===================================================================
--- trunk/packages/qt4-x11/debian/patches/series 2009-07-25 06:48:23 UTC (rev 15366)
+++ trunk/packages/qt4-x11/debian/patches/series 2009-07-25 09:28:11 UTC (rev 15367)
@@ -16,6 +16,7 @@
03_launch_moc-qt4.diff
04_launch_uic-qt4.diff
05_append_qt4_target.diff
+06_CVE-2009-1725.diff
07_trust_dpkg-arch_over_uname-m.diff
09_qmake_lflags_as-needed.diff
10_config_tests_fixes.diff