rev 5563 - in branches/etch/packages/kdelibs/debian: . patches

Ana Beatriz Guerrero López ana at alioth.debian.org
Tue Feb 6 23:35:33 CET 2007


Author: ana
Date: 2007-02-06 23:35:32 +0100 (Tue, 06 Feb 2007)
New Revision: 5563

Added:
   branches/etch/packages/kdelibs/debian/patches/45_konqueror-CVE-2007-0537.diff
Modified:
   branches/etch/packages/kdelibs/debian/changelog
Log:
Adding patch and fixing changelog.


Modified: branches/etch/packages/kdelibs/debian/changelog
===================================================================
--- branches/etch/packages/kdelibs/debian/changelog	2007-02-06 20:32:03 UTC (rev 5562)
+++ branches/etch/packages/kdelibs/debian/changelog	2007-02-06 22:35:32 UTC (rev 5563)
@@ -1,20 +1,23 @@
-kdelibs (4:3.5.5a.dfsg.1-7) unstable; urgency=low
+kdelibs (4:3.5.5a.dfsg.1-6) unstable; urgency=high
 
+  +++ Changes by Ana Beatriz Guerrero Lopez:
+  
+  * Add patch 45_konqueror-CVE-2007-0537.diff which fixes: Konqueror does not 
+    properly parse HTML comments, which allows remote attackers to conduct 
+    cross-site scripting (XSS) attacks. CVE-2007-0537. (Closes: #409868).
+    Thanks to Kees Cook for reporting and pointing to the fix.
+
   +++ Changes by Modestas Vainius:
 
   * New patch (No. 25) from KDE bug #128564. Fixes khtml crash on loading
     some non existing pages when javascript is disabled (Closes: #408413).
     Probably fixes these KDE bugs too: #126812, #127137, #135117, #138449.
 
- -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Sun,  4 Feb 2007 00:21:17 +0200
-
-kdelibs (4:3.5.5a.dfsg.1-6) unstable; urgency=high
-
-  +++ Changes by Modestas Vainius:
   * Add libc6-dbg to kdelibs-dbg dependencies on amd64. It seems to be
     needed to get a useful backtrace from drkonqi on this arch.
 
   +++ Changes by Josh Metzler:
+
   * Add 44_sync_kwallet_changes to make kwallet write changes to disk
     immediately, avoiding losing passwords if kwallet doesn't shutdown
     cleanly.  (Closes: #407272)
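Review bot: the top entry is renamed from 4:3.5.5a.dfsg.1-7 to 4:3.5.5a.dfsg.1-6 and the old -7 and -6 entries are folded into one (the -7 trailer line and the second "kdelibs (4:3.5.5a.dfsg.1-6)" header are removed), but the log message only says "fixing changelog". Please say in the commit message why -7 is dropped, since the merged entry also moves the khtml crash fix from urgency=low to urgency=high. As a style point, the added block has trailing whitespace: the separator line after "+++ Changes by Ana Beatriz Guerrero Lopez:" contains two spaces, and the lines ending "does not " and "to conduct " end in a space.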

Added: branches/etch/packages/kdelibs/debian/patches/45_konqueror-CVE-2007-0537.diff
===================================================================
--- branches/etch/packages/kdelibs/debian/patches/45_konqueror-CVE-2007-0537.diff	2007-02-06 20:32:03 UTC (rev 5562)
+++ branches/etch/packages/kdelibs/debian/patches/45_konqueror-CVE-2007-0537.diff	2007-02-06 22:35:32 UTC (rev 5563)
@@ -0,0 +1,20 @@
+--- kdelibs-3.5.5a.dfsg.1/khtml/html/htmltokenizer.cpp
++++ kdelibs-3.5.5a.dfsg.1/khtml/html/htmltokenizer.cpp
+@@ -316,7 +316,7 @@ void HTMLTokenizer::parseSpecial(Tokeniz
+     while ( !src.isEmpty() ) {
+         checkScriptBuffer();
+         unsigned char ch = src->latin1();
+-        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
++        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+             comment = true;
+             scriptCode[ scriptCodeSize++ ] = ch;
+             ++src;
+@@ -495,7 +495,7 @@ void HTMLTokenizer::parseComment(Tokeniz
+ 
+             if (canClose || handleBrokenComments || scriptEnd ){
+                 ++src;
+-                if ( !( script || xmp || textarea || style) ) {
++                if ( !( title || script || xmp || textarea || style) ) {
+ #ifdef COMMENTS_IN_DOM
+                     checkScriptBuffer();
+                     scriptCode[ scriptCodeSize ] = 0;
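Review bot: the new patch file opens directly at its `---` line with no header, so nothing inside 45_konqueror-CVE-2007-0537.diff records the CVE, bug #409868 or where the fix was taken from; that information exists only in the changelog. Please add a short description at the top of the patch naming CVE-2007-0537 and the origin of the fix. It would also help to state there that the two htmltokenizer.cpp changes belong together: parseSpecial drops `!title` from the comment-start condition, and parseComment adds `title` to the `!( title || script || xmp || textarea || style)` guard, so applying only one of them changes how comments inside a title are tokenized without the matching handling on the other side.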



