Add a patch to fix CVE-2023-32762.
Yes, there was another CVE...
This commit is contained in:
Lisandro Damián Nicanor Pérez Meyer
parent
3516dacefa
commit
8118e51999
3
debian/changelog
vendored
3
debian/changelog
vendored
@ -1,5 +1,8 @@
|
|||||||
qt6-base (6.4.2+dfsg-9) UNRELEASED; urgency=medium
|
qt6-base (6.4.2+dfsg-9) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
|
[ Lisandro Damián Nicanor Pérez Meyer ]
|
||||||
|
* Add a patch to fix CVE-2023-32762.
|
||||||
|
|
||||||
-- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Mon, 22 May 2023 11:36:51 -0300
|
-- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Mon, 22 May 2023 11:36:51 -0300
|
||||||
|
|
||||||
qt6-base (6.4.2+dfsg-8) unstable; urgency=medium
|
qt6-base (6.4.2+dfsg-8) unstable; urgency=medium
|
||||||
|
|||||||
15
debian/patches/cve-2023-32762.diff
vendored
Normal file
15
debian/patches/cve-2023-32762.diff
vendored
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
src/network/access/qhsts.cpp | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
--- a/src/network/access/qhsts.cpp
|
||||||
|
+++ b/src/network/access/qhsts.cpp
|
||||||
|
@@ -328,7 +328,7 @@ bool QHstsHeaderParser::parse(const QLis
|
||||||
|
{
|
||||||
|
for (const auto &h : headers) {
|
||||||
|
// We use '==' since header name was already 'trimmed' for us:
|
||||||
|
- if (h.first == "Strict-Transport-Security") {
|
||||||
|
+ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
|
||||||
|
header = h.second;
|
||||||
|
// RFC6797, 8.1:
|
||||||
|
//
|
||||||
1
debian/patches/series
vendored
1
debian/patches/series
vendored
@ -1,4 +1,5 @@
|
|||||||
# fixed in 6.5
|
# fixed in 6.5
|
||||||
|
cve-2023-32762.diff
|
||||||
cve-2023-32763.diff
|
cve-2023-32763.diff
|
||||||
upstream_Add-HPPA-detection.patch
|
upstream_Add-HPPA-detection.patch
|
||||||
upstream_Add-M68k-detection.patch
|
upstream_Add-M68k-detection.patch
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user