rev 5563 - in branches/etch/packages/kdelibs/debian: . patches
Ana Beatriz Guerrero López
ana at alioth.debian.org
Tue Feb 6 23:35:33 CET 2007
Author: ana
Date: 2007-02-06 23:35:32 +0100 (Tue, 06 Feb 2007)
New Revision: 5563
Added:
branches/etch/packages/kdelibs/debian/patches/45_konqueror-CVE-2007-0537.diff
Modified:
branches/etch/packages/kdelibs/debian/changelog
Log:
Adding patch and fixing changelog.
Modified: branches/etch/packages/kdelibs/debian/changelog
===================================================================
--- branches/etch/packages/kdelibs/debian/changelog 2007-02-06 20:32:03 UTC (rev 5562)
+++ branches/etch/packages/kdelibs/debian/changelog 2007-02-06 22:35:32 UTC (rev 5563)
@@ -1,20 +1,23 @@
-kdelibs (4:3.5.5a.dfsg.1-7) unstable; urgency=low
+kdelibs (4:3.5.5a.dfsg.1-6) unstable; urgency=high
+ +++ Changes by Ana Beatriz Guerrero Lopez:
+
+ * Add patch 45_konqueror-CVE-2007-0537.diff which fixes: Konqueror does not
+ properly parse HTML comments, which allows remote attackers to conduct
+ cross-site scripting (XSS) attacks. CVE-2007-0537. (Closes: #409868).
+ Thanks to Kees Cook for reporting and pointing to the fix.
+
+++ Changes by Modestas Vainius:
* New patch (No. 25) from KDE bug #128564. Fixes khtml crash on loading
some non existing pages when javascript is disabled (Closes: #408413).
Probably fixes these KDE bugs too: #126812, #127137, #135117, #138449.
- -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Sun, 4 Feb 2007 00:21:17 +0200
-
-kdelibs (4:3.5.5a.dfsg.1-6) unstable; urgency=high
-
- +++ Changes by Modestas Vainius:
* Add libc6-dbg to kdelibs-dbg dependencies on amd64. It seems to be
needed to get a useful backtrace from drkonqi on this arch.
+++ Changes by Josh Metzler:
+
* Add 44_sync_kwallet_changes to make kwallet write changes to disk
immediately, avoiding losing passwords if kwallet doesn't shutdown
cleanly. (Closes: #407272)
Added: branches/etch/packages/kdelibs/debian/patches/45_konqueror-CVE-2007-0537.diff
===================================================================
--- branches/etch/packages/kdelibs/debian/patches/45_konqueror-CVE-2007-0537.diff 2007-02-06 20:32:03 UTC (rev 5562)
+++ branches/etch/packages/kdelibs/debian/patches/45_konqueror-CVE-2007-0537.diff 2007-02-06 22:35:32 UTC (rev 5563)
@@ -0,0 +1,20 @@
+--- kdelibs-3.5.5a.dfsg.1/khtml/html/htmltokenizer.cpp
++++ kdelibs-3.5.5a.dfsg.1/khtml/html/htmltokenizer.cpp
+@@ -316,7 +316,7 @@ void HTMLTokenizer::parseSpecial(Tokeniz
+ while ( !src.isEmpty() ) {
+ checkScriptBuffer();
+ unsigned char ch = src->latin1();
+- if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
++ if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+ comment = true;
+ scriptCode[ scriptCodeSize++ ] = ch;
+ ++src;
+@@ -495,7 +495,7 @@ void HTMLTokenizer::parseComment(Tokeniz
+
+ if (canClose || handleBrokenComments || scriptEnd ){
+ ++src;
+- if ( !( script || xmp || textarea || style) ) {
++ if ( !( title || script || xmp || textarea || style) ) {
+ #ifdef COMMENTS_IN_DOM
+ checkScriptBuffer();
+ scriptCode[ scriptCodeSize ] = 0;
More information about the pkg-kde-commits
mailing list