[SCM] Qt 4 packaging branch, experimental, updated. debian/4.8.6+git64-g5dc8b2b+dfsg-3-8-g75c8b4d

Lisandro Damián Nicanor Pérez lisandro at moszumanska.debian.org
Wed Apr 8 21:39:52 UTC 2015


Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qt4-x11.git;a=commitdiff;h=61c30e7

The following commit has been merged in the experimental branch:
commit 61c30e7fa70220592be414d9a75c42dcb124ec75
Author: Dmitry Shachnev <mitya57 at gmail.com>
Date:   Mon Mar 2 17:29:33 2015 +0300

    Fix CVE-2015-0295 (DoS vulnerability in BMP images handler).
---
 debian/changelog                  |  2 ++
 debian/patches/cve-2015-0295.diff | 25 +++++++++++++++++++++++++
 debian/patches/series             |  1 +
 3 files changed, 28 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 8abac11..4d2d687 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 qt4-x11 (4:4.8.6+git64-g5dc8b2b+dfsg-3) UNRELEASED; urgency=medium
 
   * Team upload.
+  * Fix CVE-2015-0295 (DoS vulnerability in BMP images handler).
+    Closes: #779550.
 
  -- Dmitry Shachnev <mitya57 at debian.org>  Mon, 02 Mar 2015 17:12:28 +0300
 
diff --git a/debian/patches/cve-2015-0295.diff b/debian/patches/cve-2015-0295.diff
new file mode 100644
index 0000000..1a60865
--- /dev/null
+++ b/debian/patches/cve-2015-0295.diff
@@ -0,0 +1,25 @@
+Description: fix a division by zero when processing malformed BMP files
+Origin: upstream, http://code.qt.io/cgit/qt/qt.git/commit?id=e50aa2252cdd5cb5
+Bug-Upstream: https://bugreports.qt.io/browse/QTBUG-44547
+Bug-Debian: https://bugs.debian.org/779550
+Last-Update: 2015-03-02
+
+--- a/src/gui/image/qbmphandler.cpp
++++ b/src/gui/image/qbmphandler.cpp
+@@ -319,10 +319,16 @@
+         }
+     } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
+         red_shift = calc_shift(red_mask);
++        if (((red_mask >> red_shift) + 1) == 0)
++            return false;
+         red_scale = 256 / ((red_mask >> red_shift) + 1);
+         green_shift = calc_shift(green_mask);
++        if (((green_mask >> green_shift) + 1) == 0)
++            return false;
+         green_scale = 256 / ((green_mask >> green_shift) + 1);
+         blue_shift = calc_shift(blue_mask);
++        if (((blue_mask >> blue_shift) + 1) == 0)
++            return false;
+         blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
+     } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
+         blue_mask = 0x000000ff;
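Review bot: The three added guards in the BMP_BITFIELDS branch reject only the case where `(mask >> shift) + 1` wraps to zero, which presumably means an all-ones mask taken from the file header; this relies on the masks being unsigned 32-bit values, and their declarations are outside the hunk. A zero mask is not covered by these checks and depends on how `calc_shift` treats it, which is also not visible here, so it is worth confirming that it terminates and returns a shift smaller than the type width. A mask wider than eight bits still passes the guard and, by integer division, appears to yield a scale of 0 rather than a rejected image. Since the same divisor expression now appears six times, a comment such as `// masks are file-controlled: reject a divisor that wraps to 0` above the first guard, or a small static helper that computes the divisor once per channel, would make the intent easier to audit. The enclosing function starts and ends outside the hunk.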
diff --git a/debian/patches/series b/debian/patches/series
index 78c11b7..88ccc32 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -54,3 +54,4 @@ qtdoc-build-offline-docs.patch
 remove_addsense.patch
 parisc-atomic.patch
 ppc64el_configure_support.patch
+cve-2015-0295.diff

-- 
Qt 4 packaging


