From 379e3fed0f4a49f5b11d46a0c6916651bcfa3a7d Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Mon, 17 Sep 2007 15:08:59 +0000 Subject: [PATCH] CVE-2007-4137 --- qt-3.3.6-bz#292941-CVE-2007-4137.patch | 11 +++++++++++ qt.spec | 9 ++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 qt-3.3.6-bz#292941-CVE-2007-4137.patch diff --git a/qt-3.3.6-bz#292941-CVE-2007-4137.patch b/qt-3.3.6-bz#292941-CVE-2007-4137.patch new file mode 100644 index 0000000..06ae9e5 --- /dev/null +++ b/qt-3.3.6-bz#292941-CVE-2007-4137.patch @@ -0,0 +1,11 @@ +--- src/codecs/qutfcodec.cpp ++++ src/codecs/qutfcodec.cpp +@@ -165,7 +165,7 @@ public: + QString toUnicode(const char* chars, int len) + { + QString result; +- result.setLength( len ); // worst case ++ result.setLength( len + 1 ); // worst case + QChar *qch = (QChar *)result.unicode(); + uchar ch; + int error = -1; diff --git a/qt.spec b/qt.spec index d69f612..0ece150 100644 --- a/qt.spec +++ b/qt.spec @@ -1,7 +1,7 @@ Summary: The shared library for the Qt GUI toolkit. Name: qt Version: 3.3.8 -Release: 7%{?dist}.1 +Release: 8%{?dist} Epoch: 1 License: GPL/QPL Group: System Environment/Libraries @@ -57,7 +57,6 @@ Patch103: 0056-khotkeys_input_84434.patch Patch104: qt-font-default-subst.diff patch105: 0073-xinerama-aware-qpopup.patch Patch106: 0076-fix-qprocess.diff -Patch107: 0077-utf8-decoder-fixes.diff # upstream patches Patch200: qt-x11-free-3.3.4-fullscreen.patch @@ -66,6 +65,7 @@ Patch201: qt-x11-free-3.3.8-bz#243722-mysql.patch # security patces Patch300: qt3-CVE-2007-3388.patch Patch301: utf8-bug-qt3-CVE-2007-0242.diff +Patch302: qt-3.3.6-bz#292941-CVE-2007-4137.patch %define qt_dirname qt-3.3 %define qtdir %{_libdir}/%{qt_dirname} @@ -299,7 +299,6 @@ for the Qt toolkit. %patch104 -p0 -b .qt-font-default-subst %patch105 -p0 -b .0073-xinerama-aware-qpopup %patch106 -p0 -b .0076-fix-qprocess -%patch107 -p0 -b .0077-utf8-decoder-fixes %patch200 -p1 -b .fullscreen %patch201 -p1 -b .bz#243722-mysql @@ -307,6 +306,7 @@ for the Qt toolkit. # security patches %patch300 -p1 -b .CVE-2007-3388 %patch301 -p0 -b .CVE-2007-0242 +%patch302 -p0 -b .CVE-2007-4137 # convert to UTF-8 iconv -f iso-8859-1 -t utf-8 < doc/man/man3/qdial.3qt > doc/man/man3/qdial.3qt_ @@ -577,6 +577,9 @@ rm -rf %{buildroot} %changelog +* Mon Sep 17 2007 Than Ngo - 3.3.8-8 +- CVE-2007-4137 + * Wed Aug 29 2007 Than Ngo - 1:3.3.8-7.fc7.1 - CVE-2007-0242