Add a patch to fix CVE-2023-32762.
Yes, there was another CVE...
This commit is contained in:
parent
3516dacefa
commit
8118e51999
3
debian/changelog
vendored
3
debian/changelog
vendored
@ -1,5 +1,8 @@
|
||||
qt6-base (6.4.2+dfsg-9) UNRELEASED; urgency=medium
|
||||
|
||||
[ Lisandro Damián Nicanor Pérez Meyer ]
|
||||
* Add a patch to fix CVE-2023-32762.
|
||||
|
||||
-- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Mon, 22 May 2023 11:36:51 -0300
|
||||
|
||||
qt6-base (6.4.2+dfsg-8) unstable; urgency=medium
|
||||
|
15
debian/patches/cve-2023-32762.diff
vendored
Normal file
15
debian/patches/cve-2023-32762.diff
vendored
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
src/network/access/qhsts.cpp | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/src/network/access/qhsts.cpp
|
||||
+++ b/src/network/access/qhsts.cpp
|
||||
@@ -328,7 +328,7 @@ bool QHstsHeaderParser::parse(const QLis
|
||||
{
|
||||
for (const auto &h : headers) {
|
||||
// We use '==' since header name was already 'trimmed' for us:
|
||||
- if (h.first == "Strict-Transport-Security") {
|
||||
+ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
|
||||
header = h.second;
|
||||
// RFC6797, 8.1:
|
||||
//
|
1
debian/patches/series
vendored
1
debian/patches/series
vendored
@ -1,4 +1,5 @@
|
||||
# fixed in 6.5
|
||||
cve-2023-32762.diff
|
||||
cve-2023-32763.diff
|
||||
upstream_Add-HPPA-detection.patch
|
||||
upstream_Add-M68k-detection.patch
|
||||
|
Loading…
x
Reference in New Issue
Block a user