authorAlexey Shvetsov <alexxy@gentoo.org>2014-11-16 10:48:18 +0000
committerAlexey Shvetsov <alexxy@gentoo.org>2014-11-16 10:48:18 +0000
commit82e6ff7e0cb38be439633cd8fc07f3accb6d34ad (patch)
tree1fd772cc7929ea3339e090ee5cfa5a0f2d3948ce /kde-misc/kwebkitpart
parentUpdate per CVE-2014-8600 (diff)
Update per CVE-2014-8600
(Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key F82F92E6)
Diffstat (limited to 'kde-misc/kwebkitpart')
-rw-r--r--kde-misc/kwebkitpart/ChangeLog6
-rw-r--r--kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch45
2 files changed, 50 insertions, 1 deletions
diff --git a/kde-misc/kwebkitpart/ChangeLog b/kde-misc/kwebkitpart/ChangeLog
index c919e9b4205c..1693e7cf4345 100644
--- a/kde-misc/kwebkitpart/ChangeLog
+++ b/kde-misc/kwebkitpart/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for kde-misc/kwebkitpart
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-misc/kwebkitpart/ChangeLog,v 1.40 2014/11/03 09:41:16 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-misc/kwebkitpart/ChangeLog,v 1.41 2014/11/16 10:48:18 alexxy Exp $
+
+ 16 Nov 2014; Alexey Shvetsov <alexxy@gentoo.org>
+ +files/kwebkitpart-1.3.4-CVE-2014-8600.patch:
+ Update per CVE-2014-8600
03 Nov 2014; Agostino Sarubbo <ago@gentoo.org> kwebkitpart-1.3.4.ebuild:
Stable for x86, wrt bug #527438
diff --git a/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch
new file mode 100644
index 000000000000..f5050abaa5bb
--- /dev/null
+++ b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch
@@ -0,0 +1,45 @@
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 13 Nov 2014 14:06:01 +0000
+Subject: Sanitize html
+X-Git-Url: http://quickgit.kde.org/?p=kwebkitpart.git&a=commitdiff&h=641aa7c75631084260ae89aecbdb625e918c6689
+---
+Sanitize html
+
+As discussed by the security team
+---
+
+
+--- a/src/webpage.cpp
++++ b/src/webpage.cpp
+@@ -226,23 +226,26 @@
+ doc += QL1S( "<h3>" );
+ doc += i18n( "Details of the Request:" );
+ doc += QL1S( "</h3><ul><li>" );
+- doc += i18n( "URL: %1", reqUrl.url() );
++ // escape URL twice: once for i18n, and once for HTML.
++ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
+ doc += QL1S( "</li><li>" );
+
+ const QString protocol (reqUrl.protocol());
+ if ( !protocol.isNull() ) {
+- doc += i18n( "Protocol: %1", protocol );
++ // escape protocol twice: once for i18n, and once for HTML.
++ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
+ doc += QL1S( "</li><li>" );
+ }
+
+ doc += i18n( "Date and Time: %1",
+ KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
+ doc += QL1S( "</li><li>" );
+- doc += i18n( "Additional Information: %1" , text );
++ // escape text twice: once for i18n, and once for HTML.
++ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
+ doc += QL1S( "</li></ul><h3>" );
+ doc += i18n( "Description:" );
+ doc += QL1S( "</h3><p>" );
+- doc += description;
++ doc += Qt::escape( description );
+ doc += QL1S( "</p>" );
+
+ if ( causes.count() ) {
+
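Review bot: Whether the `causes` entries are escaped before they reach `doc` cannot be seen here, because the embedded hunk ends at `if ( causes.count() ) {` and the enclosing function starts and ends outside it. If those strings, or anything appended after them, can carry request-derived data, they need the same treatment as `doc += Qt::escape( description );` before being appended. The double `Qt::escape` on the URL, protocol and text is only correct if i18n() consumes exactly one level of escaping, as the added comments state. A regression test that renders the error page for a URL containing `<`, `&` and `"` would confirm the value is escaped once in the output, neither raw nor displayed as `&amp;lt;`. Separately, the diffstat for this directory lists only the ChangeLog and the new patch file, so confirm that an ebuild revision actually applies `kwebkitpart-1.3.4-CVE-2014-8600.patch`.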