[SCM] kio-extras packaging branch, kubuntu_vivid_archive, updated. 05f25c45cc17f4779761085746fa7450ae6ea046
Jonathan Riddell
jriddell-guest at moszumanska.debian.org
Thu Nov 20 13:28:55 UTC 2014
Gitweb-URL: http://git.debian.org/?p=pkg-kde/plasma/kio-extras.git;a=commitdiff;h=05f25c4
The following commit has been merged in the kubuntu_vivid_archive branch:
commit 05f25c45cc17f4779761085746fa7450ae6ea046
Author: Jonathan Riddell <jr at jriddell.org>
Date: Thu Nov 20 14:28:46 2014 +0100
SECURITY UPDATE: Insufficient Input Validation By IO Slaves and Webkit Part
* SECURITY UPDATE: Insufficient Input Validation By IO Slaves and
Webkit Part
- Add upstream_CVE-2014-8600.diff to escape protocol twice: once
for i18n, and once for HTML
- https://www.kde.org/info/security/advisory-20141113-1.txt
- CVE-2014-8600
- LP: #1393479
---
debian/changelog | 12 ++++++++++++
debian/patches/series | 1 +
debian/patches/upstream_CVE-2014-8600.diff | 20 ++++++++++++++++++++
3 files changed, 33 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 1e239bb..986f27a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+kio-extras (4:5.1.1-0ubuntu2) vivid; urgency=medium
+
+ * SECURITY UPDATE: Insufficient Input Validation By IO Slaves and
+ Webkit Part
+ - Add upstream_CVE-2014-8600.diff to escape protocol twice: once
+ for i18n, and once for HTML
+ - https://www.kde.org/info/security/advisory-20141113-1.txt
+ - CVE-2014-8600
+ - LP: #1393479
+
+ -- Jonathan Riddell <jriddell at ubuntu.com> Tue, 18 Nov 2014 10:08:55 +0100
+
kio-extras (4:5.1.1-0ubuntu1) vivid; urgency=medium
* New upstream release.
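Review bot: The new changelog bullet "escape protocol twice: once for i18n, and once for HTML" does not match the patch shipped in this same commit, where the only functional change in bookmarks/kio_bookmarks.cpp is a single Qt::escape() around url.toDisplayString() in the "Wrong request" message. Suggest rewording the bullet to describe what this patch does (HTML-escape the URL echoed in the bookmarks error page), so that anyone auditing the CVE-2014-8600 fix from the changelog alone is not looking for a second escaping step that is not in the diff.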
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..11263b6
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+upstream_CVE-2014-8600.diff
diff --git a/debian/patches/upstream_CVE-2014-8600.diff b/debian/patches/upstream_CVE-2014-8600.diff
new file mode 100644
index 0000000..c59189c
--- /dev/null
+++ b/debian/patches/upstream_CVE-2014-8600.diff
@@ -0,0 +1,20 @@
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ #include <qurlquery.h>
+
+ #include <kapplication.h>
+@@ -198,7 +199,7 @@
+ echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+ } else {
+ echoHead();
+- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++ echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
+ }
+ finished();
+ }
+
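Review bot: In the second hunk of the embedded patch, Qt::escape() is the Qt 4 helper that Qt 5 retains only as a deprecated wrapper, and this file already builds against Qt 5 (the context lines include qurlquery.h); url.toDisplayString().toHtmlEscaped() performs the same escaping and makes the added qtextdocument.h include unnecessary. The message also switches from path to the full display URL, which changes what the user sees and deserves a line in the patch description. Separately, the patch file starts directly at the "--- a/bookmarks/kio_bookmarks.cpp" header with no Description, Origin or Bug lines; a short DEP-3 header referencing the upstream change and the KDE advisory would make the provenance of the fix checkable.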
--
kio-extras packaging