1cee48288d
Sun Jul 26 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-13
- fix CVE-2009-2537 - select length DoS
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
- fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
Fri Jul 24 2009 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 3.5.10-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Sat Jul 18 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-12
- FTBFS kdelibs3-3.5.10-11.fc11 (#511571)
- -devel: Requires: %%{name}%%_isa ...
14 lines
556 B
Diff
14 lines
556 B
Diff
Index: khtml/html/htmltokenizer.cpp
|
|
===================================================================
|
|
--- khtml/html/htmltokenizer.cpp (revision 1002163)
|
|
+++ khtml/html/htmltokenizer.cpp (revision 1002164)
|
|
@@ -736,7 +736,7 @@
|
|
#ifdef TOKEN_DEBUG
|
|
kdDebug( 6036 ) << "unknown entity!" << endl;
|
|
#endif
|
|
- checkBuffer(10);
|
|
+ checkBuffer(11);
|
|
// ignore the sequence, add it to the buffer as plaintext
|
|
*dest++ = '&';
|
|
for(unsigned int i = 0; i < cBufferPos; i++)
|