Add a patch to fix CVE-2023-32762.

Yes, there was another CVE...
2023-05-22 11:40:25 -03:00 · 2023-05-22 11:40:25 -03:00 · 8118e51999
commit 8118e51999
parent 3516dacefa
3 changed files with 19 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,5 +1,8 @@
 qt6-base (6.4.2+dfsg-9) UNRELEASED; urgency=medium

+  [ Lisandro Damián Nicanor Pérez Meyer ]
+  * Add a patch to fix CVE-2023-32762.
+
 -- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>  Mon, 22 May 2023 11:36:51 -0300

 qt6-base (6.4.2+dfsg-8) unstable; urgency=medium
--- a/debian/patches/cve-2023-32762.diff
+++ b/debian/patches/cve-2023-32762.diff
@ -0,0 +1,15 @@
+---
+ src/network/access/qhsts.cpp |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/network/access/qhsts.cpp
+++ b/src/network/access/qhsts.cpp
+@@ -328,7 +328,7 @@ bool QHstsHeaderParser::parse(const QLis
+ {
+     for (const auto &h : headers) {
+         // We use '==' since header name was already 'trimmed' for us:
+-        if (h.first == "Strict-Transport-Security") {
+        if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
+             header = h.second;
+             // RFC6797, 8.1:
+             //
--- a/debian/patches/series
+++ b/debian/patches/series
@ -1,4 +1,5 @@
 # fixed in 6.5
+cve-2023-32762.diff
 cve-2023-32763.diff
 upstream_Add-HPPA-detection.patch
 upstream_Add-M68k-detection.patch