rpms/qt/devel qt-3.3.6-bz#292941-CVE-2007-4137.patch, NONE, 1.1 qt.spec, 1.140, 1.141
Than Ngo (than)
fedora-extras-commits at redhat.com
Mon Sep 17 15:09:32 UTC 2007
Author: than
Update of /cvs/extras/rpms/qt/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7885
Modified Files:
qt.spec
Added Files:
qt-3.3.6-bz#292941-CVE-2007-4137.patch
Log Message:
CVE-2007-4137
qt-3.3.6-bz#292941-CVE-2007-4137.patch:
--- NEW FILE qt-3.3.6-bz#292941-CVE-2007-4137.patch ---
--- src/codecs/qutfcodec.cpp
+++ src/codecs/qutfcodec.cpp
@@ -165,7 +165,7 @@ public:
QString toUnicode(const char* chars, int len)
{
QString result;
- result.setLength( len ); // worst case
+ result.setLength( len + 1 ); // worst case
QChar *qch = (QChar *)result.unicode();
uchar ch;
int error = -1;
Index: qt.spec
===================================================================
RCS file: /cvs/extras/rpms/qt/devel/qt.spec,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -r1.140 -r1.141
--- qt.spec 29 Aug 2007 17:21:39 -0000 1.140
+++ qt.spec 17 Sep 2007 15:08:59 -0000 1.141
@@ -1,7 +1,7 @@
Summary: The shared library for the Qt GUI toolkit.
Name: qt
Version: 3.3.8
-Release: 7%{?dist}.1
+Release: 8%{?dist}
Epoch: 1
License: GPL/QPL
Group: System Environment/Libraries
@@ -57,7 +57,6 @@
Patch104: qt-font-default-subst.diff
patch105: 0073-xinerama-aware-qpopup.patch
Patch106: 0076-fix-qprocess.diff
-Patch107: 0077-utf8-decoder-fixes.diff
# upstream patches
Patch200: qt-x11-free-3.3.4-fullscreen.patch
@@ -66,6 +65,7 @@
# security patces
Patch300: qt3-CVE-2007-3388.patch
Patch301: utf8-bug-qt3-CVE-2007-0242.diff
+Patch302: qt-3.3.6-bz#292941-CVE-2007-4137.patch
%define qt_dirname qt-3.3
%define qtdir %{_libdir}/%{qt_dirname}
@@ -299,7 +299,6 @@
%patch104 -p0 -b .qt-font-default-subst
%patch105 -p0 -b .0073-xinerama-aware-qpopup
%patch106 -p0 -b .0076-fix-qprocess
-%patch107 -p0 -b .0077-utf8-decoder-fixes
%patch200 -p1 -b .fullscreen
%patch201 -p1 -b .bz#243722-mysql
@@ -307,6 +306,7 @@
# security patches
%patch300 -p1 -b .CVE-2007-3388
%patch301 -p0 -b .CVE-2007-0242
+%patch302 -p0 -b .CVE-2007-4137
# convert to UTF-8
iconv -f iso-8859-1 -t utf-8 < doc/man/man3/qdial.3qt > doc/man/man3/qdial.3qt_
@@ -577,6 +577,9 @@
%changelog
+* Mon Sep 17 2007 Than Ngo <than at redhat.com> - 3.3.8-8
+- CVE-2007-4137
+
* Wed Aug 29 2007 Than Ngo <than at redhat.com> - 1:3.3.8-7.fc7.1
- CVE-2007-0242
More information about the fedora-extras-commits
mailing list