rpms/qt/FC-6 qt-3.3.6-bz#292951-CVE-2007-4137.patch, NONE, 1.1 qt.spec, 1.130, 1.131
fedora-cvs-commits at redhat.com
Mon Sep 17 15:19:12 UTC 2007
Author: than
Update of /cvs/dist/rpms/qt/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv12441
Modified Files:
qt.spec
Added Files:
qt-3.3.6-bz#292951-CVE-2007-4137.patch
Log Message:
bz292951, CVE-2007-4137
qt-3.3.6-bz#292951-CVE-2007-4137.patch:
qutfcodec.cpp | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE qt-3.3.6-bz#292951-CVE-2007-4137.patch ---
--- src/codecs/qutfcodec.cpp
+++ src/codecs/qutfcodec.cpp
@@ -165,7 +165,7 @@ public:
QString toUnicode(const char* chars, int len)
{
QString result;
- result.setLength( len ); // worst case
+ result.setLength( len + 1 ); // worst case
QChar *qch = (QChar *)result.unicode();
uchar ch;
int error = -1;
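Review bot: the comment on the changed setLength() line in toUnicode() still says only "// worst case" and does not explain why one element beyond len is needed. Since this one-character change is the whole CVE-2007-4137 fix, the comment should name the decoding case that writes the extra QChar, so the "+ 1" is not later mistaken for an off-by-one and removed. Separately, len is a signed int passed straight into setLength( len + 1 ), and nothing in the visible lines rejects a negative value; worth confirming that the callers guarantee len >= 0.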
Index: qt.spec
===================================================================
RCS file: /cvs/dist/rpms/qt/FC-6/qt.spec,v
retrieving revision 1.130
retrieving revision 1.131
diff -u -r1.130 -r1.131
--- qt.spec 29 Aug 2007 17:40:52 -0000 1.130
+++ qt.spec 17 Sep 2007 15:19:10 -0000 1.131
@@ -1,7 +1,7 @@
Summary: The shared library for the Qt GUI toolkit.
Name: qt
Version: 3.3.8
-Release: 1%{?dist}.1
+Release: 2%{?dist}
Epoch: 1
License: GPL/QPL
Group: System Environment/Libraries
@@ -65,6 +65,7 @@
# security patces
Patch300: qt3-CVE-2007-3388.patch
Patch301: utf8-bug-qt3-CVE-2007-0242.diff
+Patch302: qt-3.3.6-bz#292951-CVE-2007-4137.patch
%define qt_dirname qt-3.3
%define qtdir %{_libdir}/%{qt_dirname}
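Review bot: the Patch302 file name carries the version 3.3.6 while this spec declares Version: 3.3.8, so the name suggests the patch was prepared against a different source tree than the one it is applied to. Suggest renaming it along the lines of Patch300 and Patch301, which carry no Qt point release in their names, or noting in the spec that the hunk was checked against 3.3.8. The context comment above it also reads "# security patces", while the %prep section spells it "# security patches".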
@@ -291,6 +292,7 @@
# security patches
%patch300 -p1 -b .CVE-2007-3388
%patch301 -p0 -b .CVE-2007-0242
+%patch302 -p0 -b .CVE-2007-4137
# convert to UTF-8
iconv -f iso-8859-1 -t utf-8 < doc/man/man3/qdial.3qt > doc/man/man3/qdial.3qt_
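Review bot: %patch302 is applied with -p0, which matches the unprefixed src/codecs/qutfcodec.cpp paths in the new patch file, but the security patch block now mixes -p1 (patch300) and -p0 (patch301, patch302). A short comment stating that these two patches are rooted at the top of the source tree would keep a later regeneration of the patch with a/ and b/ prefixes from failing to apply.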
@@ -552,6 +554,9 @@
%changelog
+* Mon Sep 17 2007 Than Ngo <than at redhat.com> - 1:3.3.8-2.fc6
+- bz292951, CVE-2007-4137
+
* Wed Aug 29 2007 Than Ngo <than at redhat.com> - 1:3.3.8-1.fc6.1
- CVE-2007-3388 qt format string flaw
- bz#234635, CVE-2007-0242 qt UTF8 improper character expansion
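Review bot: the new %changelog entry gives only "bz292951, CVE-2007-4137" with no description of the flaw, whereas the entry below it describes each fix ("qt format string flaw", "qt UTF8 improper character expansion"). Suggest adding a short description in the same style, and writing the bug reference as "bz#292951" to match the "bz#234635" form used in the previous entry, so that someone reading the package changelog can tell what was fixed without looking up the CVE.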