rpms/qt/FC-6 qt-3.3.6-bz#292951-CVE-2007-4137.patch, NONE, 1.1 qt.spec, 1.130, 1.131

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Sep 17 15:19:12 UTC 2007 

Author: than

Update of /cvs/dist/rpms/qt/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv12441

Modified Files:
	qt.spec 
Added Files:
	qt-3.3.6-bz#292951-CVE-2007-4137.patch 
Log Message:
bz292951, CVE-2007-4137


qt-3.3.6-bz#292951-CVE-2007-4137.patch:
 qutfcodec.cpp |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE qt-3.3.6-bz#292951-CVE-2007-4137.patch ---
--- src/codecs/qutfcodec.cpp
+++ src/codecs/qutfcodec.cpp
@@ -165,7 +165,7 @@ public:
     QString toUnicode(const char* chars, int len)
     {
 	QString result;
-	result.setLength( len ); // worst case
+	result.setLength( len + 1 ); // worst case
 	QChar *qch = (QChar *)result.unicode();
 	uchar ch;
         int error = -1;


Index: qt.spec
===================================================================
RCS file: /cvs/dist/rpms/qt/FC-6/qt.spec,v
retrieving revision 1.130
retrieving revision 1.131
diff -u -r1.130 -r1.131
--- qt.spec	29 Aug 2007 17:40:52 -0000	1.130
+++ qt.spec	17 Sep 2007 15:19:10 -0000	1.131
@@ -1,7 +1,7 @@
 Summary: The shared library for the Qt GUI toolkit.
 Name: qt
 Version: 3.3.8
-Release: 1%{?dist}.1
+Release: 2%{?dist}
 Epoch: 1
 License: GPL/QPL
 Group: System Environment/Libraries
@@ -65,6 +65,7 @@
 # security patces
 Patch300: qt3-CVE-2007-3388.patch
 Patch301: utf8-bug-qt3-CVE-2007-0242.diff
+Patch302: qt-3.3.6-bz#292951-CVE-2007-4137.patch
 
 %define qt_dirname qt-3.3
 %define qtdir %{_libdir}/%{qt_dirname}
@@ -291,6 +292,7 @@
 # security patches
 %patch300 -p1 -b .CVE-2007-3388
 %patch301 -p0 -b .CVE-2007-0242
+%patch302 -p0 -b .CVE-2007-4137
 
 # convert to UTF-8
 iconv -f iso-8859-1 -t utf-8 < doc/man/man3/qdial.3qt > doc/man/man3/qdial.3qt_
@@ -552,6 +554,9 @@
 
 
 %changelog
+* Mon Sep 17 2007 Than Ngo <than at redhat.com> - 1:3.3.8-2.fc6
+- bz292951, CVE-2007-4137 
+
 * Wed Aug 29 2007 Than Ngo <than at redhat.com> - 1:3.3.8-1.fc6.1
 - CVE-2007-3388 qt format string flaw
 - bz#234635, CVE-2007-0242 qt UTF8 improper character expansion

More information about the fedora-cvs-commits mailing list