* Thu Jul 23 2009 Jaroslav Reznik <jreznik@redhat.com> - 4.2.4-5
> - CVE-2009-2537 - select length DoS > - correct fixPopupForPlasmaboard.patch
This commit is contained in:
parent
c0b2db97bd
commit
9be6766fac
27
kdelibs-4.2.4-cve-2009-2537-select-length.patch
Normal file
27
kdelibs-4.2.4-cve-2009-2537-select-length.patch
Normal file
@ -0,0 +1,27 @@
|
||||
diff -up kdelibs-4.2.4/khtml/ecma/kjs_html.cpp.cve-2009-2537-select-length kdelibs-4.2.4/khtml/ecma/kjs_html.cpp
|
||||
--- kdelibs-4.2.4/khtml/ecma/kjs_html.cpp.cve-2009-2537-select-length 2009-03-26 15:44:13.000000000 +0100
|
||||
+++ kdelibs-4.2.4/khtml/ecma/kjs_html.cpp 2009-07-23 10:35:55.908865609 +0200
|
||||
@@ -69,6 +69,9 @@
|
||||
#include <QtCore/QList>
|
||||
#include <QtCore/QHash>
|
||||
|
||||
+// CVE-2009-2537 (vendors agreed on max 10000 elements)
|
||||
+#define MAX_SELECT_LENGTH 10000
|
||||
+
|
||||
using namespace DOM;
|
||||
|
||||
namespace KJS {
|
||||
@@ -2428,8 +2431,12 @@ void KJS::HTMLElement::putValueProperty(
|
||||
case SelectValue: { select.setValue(str.implementation()); return; }
|
||||
case SelectLength: { // read-only according to the NS spec, but webpages need it writeable
|
||||
JSObject *coll = getSelectHTMLCollection(exec, select.options(), &select)->getObject();
|
||||
+
|
||||
if ( coll )
|
||||
- coll->put(exec,"length",value);
|
||||
+ if (value->toInteger(exec) >= MAX_SELECT_LENGTH)
|
||||
+ setDOMException(exec, DOMException::INDEX_SIZE_ERR);
|
||||
+ else
|
||||
+ coll->put(exec, "length", value);
|
||||
return;
|
||||
}
|
||||
// read-only: form
|
13
kdelibs.spec
13
kdelibs.spec
@ -1,6 +1,6 @@
|
||||
Summary: K Desktop Environment 4 - Libraries
|
||||
Version: 4.2.4
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
|
||||
%if 0%{?fedora} > 8
|
||||
Name: kdelibs
|
||||
@ -81,11 +81,14 @@ Patch20: kdelibs-4.1.70-cmake.patch
|
||||
Patch22: kdelibs-4.1.96-cmake.patch
|
||||
|
||||
# upstreamable
|
||||
Patch50: kdelibs-4.2.4-fixPopupForPlasmaboard.patch
|
||||
Patch50: kdelibs-4.2.3-fixPopupForPlasmaboard.patch
|
||||
|
||||
# upstream
|
||||
# 4.2 branch
|
||||
|
||||
# security
|
||||
Patch100: kdelibs-4.2.4-cve-2009-2537-select-length.patch
|
||||
|
||||
# 4.3 branch
|
||||
Patch200: kdelibs-4.1.96-AllowExternalPaths.patch
|
||||
|
||||
@ -221,6 +224,8 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
||||
|
||||
%patch50 -p1 -b .fixPopupForPlasmaboard
|
||||
|
||||
%patch100 -p1 -b .cve-2009-2537-select-length
|
||||
|
||||
# upstream patches
|
||||
# 4.2
|
||||
|
||||
@ -408,6 +413,10 @@ rm -rf %{buildroot}
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jul 23 2009 Jaroslav Reznik <jreznik@redhat.com> - 4.2.4-5
|
||||
- CVE-2009-2537 - select length DoS
|
||||
- correct fixPopupForPlasmaboard.patch
|
||||
|
||||
* Wed Jul 08 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.2.4-4
|
||||
- fix CMake dependency in parallel_devel patch (#510259, CHIKAMA Masaki)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user