[SCM] KDE Base Runtime module packaging branch, master, updated. debian/4.14.2-1-35-ge44de4d
Maximiliano Curia
maxy at moszumanska.debian.org
Tue Feb 24 16:29:19 UTC 2015
Gitweb-URL: http://git.debian.org/?p=pkg-kde/applications/kde-runtime.git;a=commitdiff;h=8d0dda3
The following commit has been merged in the master branch:
commit 8d0dda30d33d87e2928a3f4c758ec502b3270e73
Author: Maximiliano Curia <maxy at debian.org>
Date: Wed Dec 10 19:48:40 2014 +0100
New upstream patch: upstream_sanitize_path, fixes CVE-2014-8600 (Closes: #769632) Thanks to Salvatore Bonaccorso
---
debian/changelog | 4 ++++
debian/patches/series | 1 +
debian/patches/upstream_sanitize_path | 27 +++++++++++++++++++++++++++
3 files changed, 32 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 2cfaf35..3d3128e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,10 @@ kde-runtime (4:4.14.2-2) UNRELEASED; urgency=medium
[ Lisandro Damián Nicanor Pérez Meyer ]
* Remove myself from Uploaders.
+ [ Maximiliano Curia ]
+ * New upstream patch: upstream_sanitize_path, fixes CVE-2014-8600
+ (Closes: #769632) Thanks to Salvatore Bonaccorso
+
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Sat, 25 Oct 2014 17:30:01 -0300
kde-runtime (4:4.14.2-1) unstable; urgency=medium
diff --git a/debian/patches/series b/debian/patches/series
index 266f66f..c133a57 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@ khelp_htdig.diff
use_the_correct_locale.patch
disable_flacky_tests
disable_kwalletd_autotests
+upstream_sanitize_path
diff --git a/debian/patches/upstream_sanitize_path b/debian/patches/upstream_sanitize_path
new file mode 100644
index 0000000..88cf297
--- /dev/null
+++ b/debian/patches/upstream_sanitize_path
@@ -0,0 +1,27 @@
+commit d68703900edc8416fbcd2550cd336cbbb76decb9
+Author: Martin Sandsmark <martin.sandsmark at kde.org>
+Date: Thu Nov 13 13:29:01 2014 +0100
+
+ Sanitize path
+
+diff --git a/kioslave/bookmarks/kio_bookmarks.cpp b/kioslave/bookmarks/kio_bookmarks.cpp
+index 750495d..53c8aa3 100644
+--- a/kioslave/bookmarks/kio_bookmarks.cpp
++++ b/kioslave/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+
+ #include <qregexp.h>
++#include <qtextdocument.h>
+
+ #include <kapplication.h>
+ #include <kcmdlineargs.h>
+@@ -197,7 +198,7 @@ void BookmarksProtocol::get( const KUrl& url )
+ echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
+ } else {
+ echoHead();
+- echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++ echo("<p class=\"message\">" + i18n("Bad request: %1", Qt::escape(Qt::escape(url.prettyUrl()))) + "</p>");
+ }
+ finished();
+ }
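Review bot: The doubled `Qt::escape(Qt::escape(url.prettyUrl()))` in the error branch of BookmarksProtocol::get() has no comment explaining it, so a later cleanup could collapse it to one call and possibly reopen the HTML injection this patch closes. If the second pass is there because i18n() resolves one level of markup or entities in its arguments (an assumption, not visible in this hunk), record that next to the call, e.g. `// escaped twice: i18n() may resolve one level of entities before echo() emits the HTML`; if it is not needed, the message will display literal `&amp;`-style text and a single call is enough. The context line `echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));` also forwards URL-derived values, and whether echoImage() encodes them before output lies outside this hunk, so it is worth confirming alongside this fix. The patch file would also be easier to track with DEP-3 fields (`Origin:` and a `Bug-Debian:` entry for #769632) above the upstream commit header. get() begins and ends outside the hunk.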
--
KDE Base Runtime module packaging