rpms/qt/devel qt-3.3.6-bz#292941-CVE-2007-4137.patch, NONE, 1.1 qt.spec, 1.140, 1.141

Than Ngo (than) fedora-extras-commits at redhat.com
Mon Sep 17 15:09:32 UTC 2007


Author: than

Update of /cvs/extras/rpms/qt/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7885

Modified Files:
	qt.spec 
Added Files:
	qt-3.3.6-bz#292941-CVE-2007-4137.patch 
Log Message:
CVE-2007-4137


qt-3.3.6-bz#292941-CVE-2007-4137.patch:

--- NEW FILE qt-3.3.6-bz#292941-CVE-2007-4137.patch ---
--- src/codecs/qutfcodec.cpp
+++ src/codecs/qutfcodec.cpp
@@ -165,7 +165,7 @@ public:
     QString toUnicode(const char* chars, int len)
     {
 	QString result;
-	result.setLength( len ); // worst case
+	result.setLength( len + 1 ); // worst case
 	QChar *qch = (QChar *)result.unicode();
 	uchar ch;
         int error = -1;
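Review bot: The `// worst case` comment on the changed `result.setLength( len + 1 )` line no longer explains the sizing, so a later cleanup could take the `+ 1` for a mistake and reintroduce the one-element overrun this patch is named for. I would spell it out, for example `result.setLength( len + 1 ); // worst case: len QChars plus one extra slot the decoder can write (CVE-2007-4137)`. Which decoder path writes that extra slot should be named in the comment, but it is not visible here because the body of `toUnicode` continues past the hunk. Separately, `len` is a signed `int` and nothing in the visible lines rejects a negative value or `INT_MAX` before `len + 1` is computed, so it is worth confirming that callers bound it.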


Index: qt.spec
===================================================================
RCS file: /cvs/extras/rpms/qt/devel/qt.spec,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -r1.140 -r1.141
--- qt.spec	29 Aug 2007 17:21:39 -0000	1.140
+++ qt.spec	17 Sep 2007 15:08:59 -0000	1.141
@@ -1,7 +1,7 @@
 Summary: The shared library for the Qt GUI toolkit.
 Name: qt
 Version: 3.3.8
-Release: 7%{?dist}.1
+Release: 8%{?dist}
 Epoch: 1
 License: GPL/QPL
 Group: System Environment/Libraries
@@ -57,7 +57,6 @@
 Patch104: qt-font-default-subst.diff
 patch105: 0073-xinerama-aware-qpopup.patch
 Patch106: 0076-fix-qprocess.diff
-Patch107: 0077-utf8-decoder-fixes.diff
 
 # upstream patches
 Patch200: qt-x11-free-3.3.4-fullscreen.patch
@@ -66,6 +65,7 @@
 # security patces
 Patch300: qt3-CVE-2007-3388.patch
 Patch301: utf8-bug-qt3-CVE-2007-0242.diff
+Patch302: qt-3.3.6-bz#292941-CVE-2007-4137.patch
 
 %define qt_dirname qt-3.3
 %define qtdir %{_libdir}/%{qt_dirname}
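Review bot: `Patch302` is added in the same commit that drops `Patch107: 0077-utf8-decoder-fixes.diff` and its `%patch107` line, yet the log message and the new `%changelog` entry mention only CVE-2007-4137. From the file names the dropped patch appears to touch the same UTF-8 decoder, and the spec does not show whether its fixes are superseded by Patch301/Patch302 or simply lost. Someone auditing this package for decoder fixes would need that recorded, for example with a changelog line such as `- drop 0077-utf8-decoder-fixes.diff (<reason: superseded by ...>)`.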
@@ -299,7 +299,6 @@
 %patch104 -p0 -b .qt-font-default-subst
 %patch105 -p0 -b .0073-xinerama-aware-qpopup
 %patch106 -p0 -b .0076-fix-qprocess
-%patch107 -p0 -b .0077-utf8-decoder-fixes
 
 %patch200 -p1 -b .fullscreen
 %patch201 -p1 -b .bz#243722-mysql
@@ -307,6 +306,7 @@
 # security patches
 %patch300 -p1 -b .CVE-2007-3388
 %patch301 -p0 -b .CVE-2007-0242
+%patch302 -p0 -b .CVE-2007-4137
 
 # convert to UTF-8
 iconv -f iso-8859-1 -t utf-8 < doc/man/man3/qdial.3qt > doc/man/man3/qdial.3qt_
@@ -577,6 +577,9 @@
 
 
 %changelog
+* Mon Sep 17 2007 Than Ngo <than at redhat.com> - 3.3.8-8
+- CVE-2007-4137
+
 * Wed Aug 29 2007 Than Ngo <than at redhat.com> - 1:3.3.8-7.fc7.1
 - CVE-2007-0242
 



