[SCM] kio-extras packaging branch, kubuntu_vivid_archive, updated. 05f25c45cc17f4779761085746fa7450ae6ea046

Jonathan Riddell jriddell-guest at moszumanska.debian.org
Thu Nov 20 13:28:55 UTC 2014


Gitweb-URL: http://git.debian.org/?p=pkg-kde/plasma/kio-extras.git;a=commitdiff;h=05f25c4

The following commit has been merged in the kubuntu_vivid_archive branch:
commit 05f25c45cc17f4779761085746fa7450ae6ea046
Author: Jonathan Riddell <jr at jriddell.org>
Date:   Thu Nov 20 14:28:46 2014 +0100

     SECURITY UPDATE: Insufficient Input Validation By IO Slaves and Webkit Part
    
    * SECURITY UPDATE: Insufficient Input Validation By IO Slaves and
      Webkit Part
     - Add upstream_CVE-2014-8600.diff to escape protocol twice: once
       for i18n, and once for HTML
     - https://www.kde.org/info/security/advisory-20141113-1.txt
     - CVE-2014-8600
     - LP: #1393479
---
 debian/changelog                           | 12 ++++++++++++
 debian/patches/series                      |  1 +
 debian/patches/upstream_CVE-2014-8600.diff | 20 ++++++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1e239bb..986f27a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+kio-extras (4:5.1.1-0ubuntu2) vivid; urgency=medium
+
+  * SECURITY UPDATE: Insufficient Input Validation By IO Slaves and
+    Webkit Part
+   - Add upstream_CVE-2014-8600.diff to escape protocol twice: once
+     for i18n, and once for HTML
+   - https://www.kde.org/info/security/advisory-20141113-1.txt
+   - CVE-2014-8600
+   - LP: #1393479
+
+ -- Jonathan Riddell <jriddell at ubuntu.com>  Tue, 18 Nov 2014 10:08:55 +0100
+
 kio-extras (4:5.1.1-0ubuntu1) vivid; urgency=medium
 
   * New upstream release.
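
Review bot: The new entry's bullet "escape protocol twice: once for i18n, and once for HTML" does not match what the patch shipped in this same commit shows: upstream_CVE-2014-8600.diff adds a single Qt::escape() call around url.toDisplayString() in bookmarks/kio_bookmarks.cpp. Suggest rewording the bullet to say what is escaped and where (the URL echoed in the "Wrong request" message of the bookmarks IO slave), so someone auditing the CVE from the changelog alone can tell which code path was fixed.
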
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..11263b6
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+upstream_CVE-2014-8600.diff
diff --git a/debian/patches/upstream_CVE-2014-8600.diff b/debian/patches/upstream_CVE-2014-8600.diff
new file mode 100644
index 0000000..c59189c
--- /dev/null
+++ b/debian/patches/upstream_CVE-2014-8600.diff
@@ -0,0 +1,20 @@
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+ 
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ #include <qurlquery.h>
+ 
+ #include <kapplication.h>
+@@ -198,7 +199,7 @@
+     echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+   } else {
+     echoHead();
+-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++    echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
+   }
+   finished();
+ }
+
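
Review bot: In the inner hunk at @@ -198,7 +199,7 @@, Qt::escape() is the Qt 4 helper, while this file already includes qurlquery.h and so builds against Qt 5, where Qt::escape() is deprecated in favour of QString::toHtmlEscaped(). Writing url.toDisplayString().toHtmlEscaped() gives the same HTML escaping and makes the added qtextdocument.h include unnecessary. The same line also changes the echoed value from path to the full display URL, which neither the commit message nor the changelog mentions. The unchanged context line calling echoImage() passes regexp.cap(1), regexp.cap(2) and the "size" query item straight from the request; it is worth confirming that echoImage() does not write any of them into HTML unescaped. Finally, the patch file starts directly at the "--- a/bookmarks/kio_bookmarks.cpp" header with no description or origin header, so the link to the upstream advisory lives only in the changelog.
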

-- 
kio-extras packaging
