[SCM] Qt 4 packaging branch, experimental, updated. debian/4.8.0-1-8-g0388ff2
Fathi Boudra
fabo at alioth.debian.org
Fri Jan 6 19:45:15 UTC 2012
The following commit has been merged in the experimental branch:
commit 0388ff209c46df610ae1142f13e0a2739de35790
Author: Fathi Boudra <fabo at debian.org>
Date: Fri Jan 6 21:44:54 2012 +0200
Add CVE-2011-3922.patch: Stack-buffer-overflow in glyph handling.
---
debian/changelog | 1 +
debian/patches/CVE-2011-3922.patch | 17 +++++++++++++++++
2 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 66b713f..f139692 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ qt4-x11 (4:4.8.0-2) UNRELEASED; urgency=low
- mark QML plugin packages as Multi-Arch: same.
* Re-add patch s390x_jscore.diff to add s390/s390x support in JavaScriptCore.
The patch was partly merged in Qt 4.8.
+ * Add CVE-2011-3922.patch: Stack-buffer-overflow in glyph handling.
-- Fathi Boudra <fabo at debian.org> Wed, 04 Jan 2012 22:15:56 +0200
diff --git a/debian/patches/CVE-2011-3922.patch b/debian/patches/CVE-2011-3922.patch
new file mode 100644
index 0000000..8a51b92
--- /dev/null
+++ b/debian/patches/CVE-2011-3922.patch
@@ -0,0 +1,17 @@
+Description: Stack-buffer-overflow in glyph handling.
+ Credit to Google Chrome Security Team (Cris Neckar).
+
+---
+ src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c
++++ b/src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c
+@@ -359,6 +359,7 @@ static HB_Bool myanmar_shape_syllable(HB
+ if (kinzi >= 0 && i > base && (cc & Mymr_CF_AFTER_KINZI)) {
+ reordered[len] = Mymr_C_NGA;
+ reordered[len+1] = Mymr_C_VIRAMA;
++ if (len > 0)
+ properties[len-1] = AboveForm;
+ properties[len] = AboveForm;
+ len += 2;
--
Qt 4 packaging
More information about the pkg-kde-commits
mailing list