From 532d4c36fb691963763d81f69272dd32101b45c5 Mon Sep 17 00:00:00 2001 From: Patrick Franz Date: Sat, 13 Jan 2024 14:53:21 +0100 Subject: [PATCH] Add patch to fix CVE-2023-51714. --- debian/changelog | 3 +++ debian/patches/cve-2023-51714.diff | 17 +++++++++++++++++ debian/patches/series | 3 +++ 3 files changed, 23 insertions(+) create mode 100644 debian/patches/cve-2023-51714.diff diff --git a/debian/changelog b/debian/changelog index a7ae1d4..b6e382b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,8 @@ qt6-base (6.4.2+dfsg-21) UNRELEASED; urgency=medium + [ Patrick Franz ] + * Add patch to fix CVE-2023-51714. + -- Debian Qt/KDE Maintainers Sat, 13 Jan 2024 14:49:42 +0100 qt6-base (6.4.2+dfsg-20) unstable; urgency=medium diff --git a/debian/patches/cve-2023-51714.diff b/debian/patches/cve-2023-51714.diff new file mode 100644 index 0000000..5232285 --- /dev/null +++ b/debian/patches/cve-2023-51714.diff @@ -0,0 +1,17 @@ +diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp +index 0b69ee86a9..f20ec92d4c 100644 +--- a/src/network/access/http2/hpacktable.cpp ++++ b/src/network/access/http2/hpacktable.cpp +@@ -26,8 +26,10 @@ HeaderSize entry_size(QByteArrayView name, QByteArrayView value) + // for counting the number of references to the name and value would have + // 32 octets of overhead." + +- const unsigned sum = unsigned(name.size() + value.size()); +- if (std::numeric_limits::max() - 32 < sum) ++ size_t sum; ++ if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum)) ++ return HeaderSize(); ++ if (sum > (std::numeric_limits::max() - 32)) + return HeaderSize(); + return HeaderSize(true, quint32(sum + 32)); + } diff --git a/debian/patches/series b/debian/patches/series index 5afc97e..1cd2b35 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,6 @@ +# fixed in 6.6.2 +cve-2023-51714.diff + # fixed in 6.5.4, 6.6.1 libxkbcommon_1.6.0.diff cve-2023-37369.diff