Lubuntu/qt6-base
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add patch to fix CVE-2023-51714.

Browse Source
This commit is contained in:
Patrick Franz 2024-01-13 14:53:21 +01:00
parent 8c55320705
commit 532d4c36fb
No known key found for this signature in database
GPG Key ID: 9E9F7A603077FE56
3 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
debian/changelog vendored
View File

@ -1,5 +1,8 @@
qt6-base (6.4.2+dfsg-21) UNRELEASED; urgency=medium qt6-base (6.4.2+dfsg-21) UNRELEASED; urgency=medium
[ Patrick Franz ]
* Add patch to fix CVE-2023-51714.
-- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Sat, 13 Jan 2024 14:49:42 +0100 -- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Sat, 13 Jan 2024 14:49:42 +0100
qt6-base (6.4.2+dfsg-20) unstable; urgency=medium qt6-base (6.4.2+dfsg-20) unstable; urgency=medium

17
debian/patches/cve-2023-51714.diff vendored Normal file
View File

@ -0,0 +1,17 @@
diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
index 0b69ee86a9..f20ec92d4c 100644
--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
@@ -26,8 +26,10 @@ HeaderSize entry_size(QByteArrayView name, QByteArrayView value)
// for counting the number of references to the name and value would have
// 32 octets of overhead."
- const unsigned sum = unsigned(name.size() + value.size());
- if (std::numeric_limits<unsigned>::max() - 32 < sum)
+ size_t sum;
+ if (qAddOverflow(size_t(name.size()), size_t(value.size()), &sum))
+ return HeaderSize();
+ if (sum > (std::numeric_limits<unsigned>::max() - 32))
return HeaderSize();
return HeaderSize(true, quint32(sum + 32));
}

3
debian/patches/series vendored
View File

@ -1,3 +1,6 @@
# fixed in 6.6.2
cve-2023-51714.diff
# fixed in 6.5.4, 6.6.1 # fixed in 6.5.4, 6.6.1
libxkbcommon_1.6.0.diff libxkbcommon_1.6.0.diff
cve-2023-37369.diff cve-2023-37369.diff