rev 7231 - in trunk/packages/qt-x11-free/debian: . patches

Sune Vuorela pusling-guest at alioth.debian.org
Mon Sep 17 10:06:43 UTC 2007


Author: pusling-guest
Date: 2007-09-17 10:06:42 +0000 (Mon, 17 Sep 2007)
New Revision: 7231

Added:
   trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch
Modified:
   trunk/packages/qt-x11-free/debian/changelog
   trunk/packages/qt-x11-free/debian/patches/00list
Log:
add patch for cve-2007-4137


Modified: trunk/packages/qt-x11-free/debian/changelog
===================================================================
--- trunk/packages/qt-x11-free/debian/changelog	2007-09-17 10:06:23 UTC (rev 7230)
+++ trunk/packages/qt-x11-free/debian/changelog	2007-09-17 10:06:42 UTC (rev 7231)
@@ -1,3 +1,11 @@
+qt-x11-free (3:3.3.7-8) unstable; urgency=low
+
+  * Add patch for utf8 parser decoder overflow. CVE-2007-4137
+    (Closes: #442780). Thanks to Dirk Mueller for the patch and Stefan Fritsch
+    for noticing it.
+
+ -- Sune Vuorela <debian at pusling.com>  Sun, 16 Sep 2007 23:13:32 +0200
+
 qt-x11-free (3:3.3.7-7) unstable; urgency=low
 
   * Updating Qt3 to build against firebird2. Many thanks to Damyan Ivanov for
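Review bot: urgency=low on the new 3:3.3.7-8 entry is hard to square with an upload whose only listed change is a CVE fix (CVE-2007-4137, Closes: #442780); consider a higher urgency so the fix is not held back longer than needed. The description "utf8 parser decoder overflow" also reads doubled; "UTF-8 decoder overflow" would be clearer.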

Modified: trunk/packages/qt-x11-free/debian/patches/00list
===================================================================
--- trunk/packages/qt-x11-free/debian/patches/00list	2007-09-17 10:06:23 UTC (rev 7230)
+++ trunk/packages/qt-x11-free/debian/patches/00list	2007-09-17 10:06:42 UTC (rev 7231)
@@ -48,3 +48,4 @@
 69_CVE-2007-3388
 70_bad_typecast_amd64
 90_armeabi
+71_utf8overflow_cve_CVE-2007-4137.dpatch
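Review bot: the added line is appended after 90_armeabi and carries a ".dpatch" suffix, while the neighbouring entries (69_CVE-2007-3388, 70_bad_typecast_amd64, 90_armeabi) are in numeric order and have no suffix. The series is applied in list order, so unless applying this patch last is intended, place it after 70_bad_typecast_amd64 and write it as 71_utf8overflow_cve_CVE-2007-4137 to match the rest of the file.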

Added: trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch
===================================================================
--- trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch	                        (rev 0)
+++ trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch	2007-09-17 10:06:42 UTC (rev 7231)
@@ -0,0 +1,16 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 71_utf8overflow_cve_CVE-2007-4137.dpatchh by 
+## http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119
+## - patch by Dirk Mueller
+
+--- qt-x11-free/src/codecs/qutfcodec.cpp
++++ qt-x11-free/src/codecs/qutfcodec.cpp
+@@ -165,7 +165,7 @@ public:
+     QString toUnicode(const char* chars, int len)
+     {
+ 	QString result;
+-	result.setLength( len ); // worst case
++	result.setLength( len + 1 ); // worst case
+ 	QChar *qch = (QChar *)result.unicode();
+ 	uchar ch;
+         int error = -1;
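Review bot: the changed line in toUnicode() goes from setLength( len ) to setLength( len + 1 ) but keeps the comment "// worst case", so nothing records why the decoder can need one more QChar than there are input bytes. The visible context does not show the write loop, so a reader cannot confirm that one extra slot bounds it; the comment should name the case that needs it. In the dpatch header, "dpatchh" is a typo, the "by" field is empty, and there are no "## DP:" description lines; filling these in would make the patch self-describing.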


Property changes on: trunk/packages/qt-x11-free/debian/patches/71_utf8overflow_cve_CVE-2007-4137.dpatch
___________________________________________________________________
Name: svn:executable
   + *



