CVE-2011-1168, Konqueror Partially Universal XSS in Error Pages
parent
504431a293
commit
5dd308059d
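--- a/kdelibs-4.5.5-CVE-2011-1168.patch
+++ b/kdelibs-4.5.5-CVE-2011-1168.patch
@@ -0,0 +1,15 @@
+diff -up kdelibs-4.5.5/khtml/khtml_part.cpp.me kdelibs-4.5.5/khtml/khtml_part.cpp
+--- kdelibs-4.5.5/khtml/khtml_part.cpp.me 2011-04-11 16:48:49.000000000 +0200
++++ kdelibs-4.5.5/khtml/khtml_part.cpp 2011-04-11 16:50:27.000000000 +0200
+@@ -1803,7 +1803,10 @@ void KHTMLPart::htmlError( int errorCode
+stream >> errorName >> techName >> description >> causes >> solutions;
+
+QString url, protocol, datetime;
+- url = Qt::escape( reqUrl.prettyUrl() );
++
++ // This is somewhat confusing, but we have to escape the externally-
++ // controlled URL twice: once for i18n, and once for HTML.
++ url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
+protocol = reqUrl.protocol();
+datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
+KLocale::LongDate );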
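Review bot: The new comment above the double `Qt::escape` says one level is "for i18n" but does not say which later call consumes it, so a maintainer cannot tell whether every use of `url` in htmlError passes through i18n. A use that writes `url` into the page directly would display `&amp;amp;`-style text, and a change in how i18n treats entities would silently leave only one level of escaping. I would extend the comment along the lines of `// i18n() resolves entities in its arguments, so one level is undone before the text reaches the error page`, if that is indeed the mechanism. `protocol = reqUrl.protocol();` on the following line comes from the same external URL and is not escaped in the visible lines, so it is worth confirming it is escaped before it reaches the HTML. The body of htmlError starts and ends outside this hunk, so the later uses of `url` and `protocol` cannot be checked here.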
@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
Summary: KDE Libraries
|
Summary: KDE Libraries
|
||||||
Version: 4.5.5
|
Version: 4.5.5
|
||||||
Release: 0.1%{?dist}
|
Release: 2%{?dist}
|
||||||
|
|
||||||
Name: kdelibs
|
Name: kdelibs
|
||||||
Epoch: 6
|
Epoch: 6
|
||||||
@ -110,6 +110,9 @@ Patch151: kdelibs-4.5.2-plasma_wallpaper_configchanged.patch
|
|||||||
## security fix
|
## security fix
|
||||||
# Not Upstreamed? why not ? -- Rex
|
# Not Upstreamed? why not ? -- Rex
|
||||||
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
||||||
|
# Konqueror Partially Universal XSS in Error Pages
|
||||||
|
# http://www.kde.org/info/security/advisory-20110411-1.txt
|
||||||
|
Patch201: kdelibs-4.5.5-CVE-2011-1168.patch
|
||||||
|
|
||||||
%if 0%{?fedora} && 0%{?fedora} < 13
|
%if 0%{?fedora} && 0%{?fedora} < 13
|
||||||
Conflicts: kdebase-workspace-libs < 4.3.80
|
Conflicts: kdebase-workspace-libs < 4.3.80
|
||||||
@ -276,6 +279,7 @@ format for use with the Qt 4 Assistant or KDevelop 4.
|
|||||||
|
|
||||||
# security fix
|
# security fix
|
||||||
%patch200 -p1 -b .CVE-2009-2702
|
%patch200 -p1 -b .CVE-2009-2702
|
||||||
|
%patch201 -p1 -b .CVE-2011-1168
|
||||||
|
|
||||||
# add release version as part of branding (suggested by cailon)
|
# add release version as part of branding (suggested by cailon)
|
||||||
sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanager.cpp
|
sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanager.cpp
|
||||||
@ -518,6 +522,9 @@ rm -rf %{buildroot}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Apr 11 2011 Than Ngo <than@redhat.com> - 4.5.5-2
|
||||||
|
- CVE-2011-1168, Konqueror Partially Universal XSS in Error Pages
|
||||||
|
|
||||||
* Wed Jan 05 2011 Rex Dieter <rdieter@fedoraproject.org> 4.5.5-1
|
* Wed Jan 05 2011 Rex Dieter <rdieter@fedoraproject.org> 4.5.5-1
|
||||||
- 4.5.5
|
- 4.5.5
|
||||||
|
|
||||||
|