[SCM] Qt 4 packaging branch, squeeze, updated. debian/4.6.3-4+squeeze1-7-gcb4b4ef
Lisandro Damián Nicanor Pérez
lisandro at alioth.debian.org
Sat Feb 9 18:30:23 UTC 2013
Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commitdiff;h=cb4b4ef
The following commit has been merged in the squeeze branch:
commit cb4b4efc95217e064dca02e7a30551abab2ffc71
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date: Sat Feb 9 15:29:53 2013 -0300
Fix CVE-2011-3193.
---
debian/changelog | 2 +
...rflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch | 26 ++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 5eb1173..73c6a94 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,8 @@ qt4-x11 (4:4.6.3-4+squeeze2) UNRELEASED; urgency=high
- Turktrust.
Patch ssl_certificates_blacklist.patch.
* Add CVE-2011-3922.patch: Stack-buffer-overflow in glyph handling.
+ * Add Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch,
+ fixing CVE-2011-3193.
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Sat, 09 Feb 2013 13:43:51 -0300
diff --git a/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch b/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
new file mode 100644
index 0000000..433cb1e
--- /dev/null
+++ b/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
@@ -0,0 +1,26 @@
+From 9ae6f2f9a57f0c3096d5785913e437953fa6775c Mon Sep 17 00:00:00 2001
+From: Jiang Jiang <jiang.jiang at nokia.com>
+Date: Mon, 18 Jul 2011 08:49:32 +0200
+Subject: [PATCH] Check for buffer overflow in Lookup_MarkMarkPos
+
+That may cause crash in this function with certain fonts.
+
+Task-number: QTBUG-17238
+Done-by: Alberto Garcia <agarcia at igalia.com>
+Reviewed-by: Jiang Jiang
+---
+ src/3rdparty/harfbuzz/src/harfbuzz-gpos.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
++++ b/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
+@@ -3015,6 +3015,9 @@ static HB_Error Lookup_MarkMarkPos( GPO
+ if ( i > buffer->in_pos )
+ return HB_Err_Not_Covered;
+
++ if ( i > buffer->in_pos )
++ return HB_Err_Not_Covered;
++
+ error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
+ &mark2_index );
+ if ( error )
diff --git a/debian/patches/series b/debian/patches/series
index c972b18..503f669 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,6 +9,7 @@ cve_2010_3170_ssl_certificates_wildcard.diff
change_all_shmget_calls_to_use_user-only_memory.patch
ssl_certificates_blacklist.patch
CVE-2011-3922.patch
+Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
# qt-copy patches
0180-window-role.diff
--
Qt 4 packaging
More information about the pkg-kde-commits
mailing list