CVE-2010-0046, security issue in khtml
This commit is contained in:
parent
93ce084af6
commit
d693c5a9f8
12
kdelibs-4.7.3-CVE-0046.patch
Normal file
12
kdelibs-4.7.3-CVE-0046.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -up kdelibs-4.7.3/khtml/css/cssparser.cpp.orig kdelibs-4.7.3/khtml/css/cssparser.cpp
|
||||||
|
--- kdelibs-4.7.3/khtml/css/cssparser.cpp.orig 2011-11-07 19:14:53.000000000 +0100
|
||||||
|
+++ kdelibs-4.7.3/khtml/css/cssparser.cpp 2011-11-07 19:15:21.000000000 +0100
|
||||||
|
@@ -2283,7 +2283,7 @@ bool CSSParser::parseFontFaceSrc()
|
||||||
|
Value* a = args->current();
|
||||||
|
uriValue = 0;
|
||||||
|
parsedValue = new CSSFontFaceSrcValueImpl( domString( a->string ), true /*local src*/ );
|
||||||
|
- } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue) {
|
||||||
|
+ } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue && (args->current()->unit == CSSPrimitiveValue::CSS_STRING || args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
|
||||||
|
expectComma = true;
|
||||||
|
allowFormat = false;
|
||||||
|
uriValue->setFormat( domString( args->current()->string ) );
|
10
kdelibs.spec
10
kdelibs.spec
@ -23,7 +23,7 @@
|
|||||||
|
|
||||||
Summary: KDE Libraries
|
Summary: KDE Libraries
|
||||||
Version: 4.7.3
|
Version: 4.7.3
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
|
|
||||||
Name: kdelibs
|
Name: kdelibs
|
||||||
Epoch: 6
|
Epoch: 6
|
||||||
@ -129,6 +129,10 @@ Patch51: kdelibs-4.6.2-uri_mimetypes.patch
|
|||||||
## security fix
|
## security fix
|
||||||
# Not Upstreamed? why not ? -- Rex
|
# Not Upstreamed? why not ? -- Rex
|
||||||
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
||||||
|
# CVE-2010-0046, The Cascading Style Sheets (CSS) implementation in khtml/WebKit
|
||||||
|
# allows remote attackers to execute arbitrary code or cause a denial of service
|
||||||
|
# (memory corruption and application crash) via crafted format arguments.
|
||||||
|
Patch201: kdelibs-4.7.3-CVE-0046.patch
|
||||||
|
|
||||||
## Fedora specific patches
|
## Fedora specific patches
|
||||||
# make forcefully hal-free build
|
# make forcefully hal-free build
|
||||||
@ -322,6 +326,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
|||||||
|
|
||||||
# security fixes
|
# security fixes
|
||||||
%patch200 -p1 -b .CVE-2009-2702
|
%patch200 -p1 -b .CVE-2009-2702
|
||||||
|
%patch201 -p1 -b .CVE-2010-0046
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch300 -p1 -b .halectomy
|
%patch300 -p1 -b .halectomy
|
||||||
@ -571,6 +576,9 @@ rm -rf %{buildroot}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 07 2011 Than Ngo <than@redhat.com> - 4.7.3-3
|
||||||
|
- CVE-2010-0046, security issue in khtml
|
||||||
|
|
||||||
* Fri Nov 04 2011 Rex Dieter <rdieter@fedoraproject.org> 4.7.3-2
|
* Fri Nov 04 2011 Rex Dieter <rdieter@fedoraproject.org> 4.7.3-2
|
||||||
- no_libkactivities
|
- no_libkactivities
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user