rev 18646 - in kde-extras/rekonq/trunk/debian: . patches

[Felix Geyer]

Author: debfx-guest
Date: 2010-08-17 09:37:35 +0000 (Tue, 17 Aug 2010)
New Revision: 18646

Added:
   kde-extras/rekonq/trunk/debian/patches/
   kde-extras/rekonq/trunk/debian/patches/CVE-2010-2536_fix_xss_vulnerabilities.diff
   kde-extras/rekonq/trunk/debian/patches/series
Modified:
   kde-extras/rekonq/trunk/debian/changelog
Log:
Fix CVE-2010-2536: multiple XSS vulnerabilities.


Modified: kde-extras/rekonq/trunk/debian/changelog
===================================================================
--- kde-extras/rekonq/trunk/debian/changelog	2010-08-17 08:51:45 UTC (rev 18645)
+++ kde-extras/rekonq/trunk/debian/changelog	2010-08-17 09:37:35 UTC (rev 18646)
@@ -1,3 +1,10 @@
+rekonq (0.5.0-2) UNRELEASED; urgency=medium
+
+  * Fix CVE-2010-2536: multiple XSS vulnerabilities (Closes: #593300)
+    - Add CVE-2010-2536_fix_xss_vulnerabilities.diff
+
+ -- Felix Geyer <debfx-pkg at fobos.de>  Tue, 17 Aug 2010 11:16:04 +0200
+
 rekonq (0.5.0-1) unstable; urgency=low
 
   * New upstream release.

Added: kde-extras/rekonq/trunk/debian/patches/CVE-2010-2536_fix_xss_vulnerabilities.diff
===================================================================
--- kde-extras/rekonq/trunk/debian/patches/CVE-2010-2536_fix_xss_vulnerabilities.diff	                        (rev 0)
+++ kde-extras/rekonq/trunk/debian/patches/CVE-2010-2536_fix_xss_vulnerabilities.diff	2010-08-17 09:37:35 UTC (rev 18646)
@@ -0,0 +1,30 @@
+From 1fd48c700abb6d7ff56fded1e39a1418cc573216 Mon Sep 17 00:00:00 2001
+From: Andrea Diamantini <adjam7 at gmail.com>
+Date: Sat, 31 Jul 2010 01:08:41 +0200
+Subject: [PATCH] Applying Eelko's patch against XSS vulnerability
+
+Are we yet vulnerable?
+
+CCBUG:217464
+---
+ src/webpage.cpp |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/webpage.cpp b/src/webpage.cpp
+index a63940b..ea2add6 100644
+--- a/src/webpage.cpp
++++ b/src/webpage.cpp
+@@ -577,8 +577,8 @@ QString WebPage::errorPage(QNetworkReply *reply)
+         return QString("Couldn't open the rekonqinfo.html file");
+     }
+ 
+-    QString title = i18n("Error loading: %1", reply->url().toString());
+-    QString urlString = reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery);
++    QString title = i18n("There was a problem while loading the page");
++    QString urlString = reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery | QUrl::RemovePath);
+ 
+     QString iconPath = QString("file://") + KIconLoader::global()->iconPath("dialog-warning" , KIconLoader::Small);
+     iconPath.replace(QL1S("16"), QL1S("128"));
+-- 
+1.6.1
+

Added: kde-extras/rekonq/trunk/debian/patches/series
===================================================================
--- kde-extras/rekonq/trunk/debian/patches/series	                        (rev 0)
+++ kde-extras/rekonq/trunk/debian/patches/series	2010-08-17 09:37:35 UTC (rev 18646)
@@ -0,0 +1 @@
+CVE-2010-2536_fix_xss_vulnerabilities.diff