CVE-2011-1168, Konqueror Partially Universal XSS in Error Pages
This commit is contained in:
parent
504431a293
commit
5dd308059d
|
@ -0,0 +1,15 @@
|
|||
diff -up kdelibs-4.5.5/khtml/khtml_part.cpp.me kdelibs-4.5.5/khtml/khtml_part.cpp
|
||||
--- kdelibs-4.5.5/khtml/khtml_part.cpp.me 2011-04-11 16:48:49.000000000 +0200
|
||||
+++ kdelibs-4.5.5/khtml/khtml_part.cpp 2011-04-11 16:50:27.000000000 +0200
|
||||
@@ -1803,7 +1803,10 @@ void KHTMLPart::htmlError( int errorCode
|
||||
stream >> errorName >> techName >> description >> causes >> solutions;
|
||||
|
||||
QString url, protocol, datetime;
|
||||
- url = Qt::escape( reqUrl.prettyUrl() );
|
||||
+
|
||||
+ // This is somewhat confusing, but we have to escape the externally-
|
||||
+ // controlled URL twice: once for i18n, and once for HTML.
|
||||
+ url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
|
||||
protocol = reqUrl.protocol();
|
||||
datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
|
||||
KLocale::LongDate );
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
Summary: KDE Libraries
|
||||
Version: 4.5.5
|
||||
Release: 0.1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
|
||||
Name: kdelibs
|
||||
Epoch: 6
|
||||
|
@ -110,6 +110,9 @@ Patch151: kdelibs-4.5.2-plasma_wallpaper_configchanged.patch
|
|||
## security fix
|
||||
# Not Upstreamed? why not ? -- Rex
|
||||
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
||||
# Konqueror Partially Universal XSS in Error Pages
|
||||
# http://www.kde.org/info/security/advisory-20110411-1.txt
|
||||
Patch201: kdelibs-4.5.5-CVE-2011-1168.patch
|
||||
|
||||
%if 0%{?fedora} && 0%{?fedora} < 13
|
||||
Conflicts: kdebase-workspace-libs < 4.3.80
|
||||
|
@ -276,6 +279,7 @@ format for use with the Qt 4 Assistant or KDevelop 4.
|
|||
|
||||
# security fix
|
||||
%patch200 -p1 -b .CVE-2009-2702
|
||||
%patch201 -p1 -b .CVE-2011-1168
|
||||
|
||||
# add release version as part of branding (suggested by cailon)
|
||||
sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanager.cpp
|
||||
|
@ -518,6 +522,9 @@ rm -rf %{buildroot}
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Apr 11 2011 Than Ngo <than@redhat.com> - 4.5.5-2
|
||||
- CVE-2011-1168, Konqueror Partially Universal XSS in Error Pages
|
||||
|
||||
* Wed Jan 05 2011 Rex Dieter <rdieter@fedoraproject.org> 4.5.5-1
|
||||
- 4.5.5
|
||||
|
||||
|
|
Loading…
Reference in New Issue