[kdelibs] Resolves: CVE-2012-4514
Than Ngo
than at fedoraproject.org
Wed Oct 31 10:13:25 UTC 2012
commit 8b43eea334ea7de29bc9b018ef88a06fce120819
Author: Than Ngo <than at redhat.com>
Date: Wed Oct 31 11:13:15 2012 +0100
Resolves: CVE-2012-4514
kdelibs-4.9.x-CVE-2012-4514.patch | 27 +++++++++++++++++++++++++++
kdelibs.spec | 7 ++++++-
2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/kdelibs-4.9.x-CVE-2012-4514.patch b/kdelibs-4.9.x-CVE-2012-4514.patch
new file mode 100644
index 0000000..34235c7
--- /dev/null
+++ b/kdelibs-4.9.x-CVE-2012-4514.patch
@@ -0,0 +1,27 @@
+commit 65464349951e0df9b5d80c2eb3cc7458d54923ae
+Author: David Faure <faure at kde.org>
+Date: Fri Oct 19 11:33:41 2012 +0200
+
+ Fix crash when trying to reuse a frame with a null part.
+
+ BUG: 271528
+ FIXED-IN: 4.9.3
+
+diff --git a/khtml/khtml_part.cpp b/khtml/khtml_part.cpp
+index ad00ea5..6165710 100644
+--- a/khtml/khtml_part.cpp
++++ b/khtml/khtml_part.cpp
+@@ -5242,8 +5242,12 @@ KHTMLPart* KHTMLPartPrivate::top()
+
+ bool KHTMLPartPrivate::canNavigate(KParts::ReadOnlyPart* bCand)
+ {
++ if (!bCand) // No part here (e.g. invalid url), reuse that frame
++ return true;
++
+ KHTMLPart* b = qobject_cast<KHTMLPart*>(bCand);
+- assert(b);
++ if (!b) // Another kind of part? Not sure what to do...
++ return false;
+
+ // HTML5 gives conditions for this (a) being able to navigate b
+
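Review bot: the new null check at the top of canNavigate() fails open. `if (!bCand) return true;` allows navigation whenever the frame has no part, while the `!b` branch a few lines later fails closed with `return false`. This function is the navigation policy check (the trailing context line refers to the HTML5 conditions), so the comment should say why a frame without a part can never be one the caller would otherwise be refused. The "Not sure what to do..." comment on the `!b` branch should be replaced with the reason for denying. The embedded commit message describes only a crash (BUG: 271528); a line tying it to CVE-2012-4514 would help anyone auditing this package later.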
diff --git a/kdelibs.spec b/kdelibs.spec
index e9407ef..5bae821 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -25,7 +25,7 @@
Summary: KDE Libraries
Version: 4.9.2
-Release: 10%{?dist}
+Release: 11%{?dist}
Name: kdelibs
Epoch: 6
@@ -166,6 +166,7 @@ Patch100: kdelibs-4.9.2-cache-solid-device-in-kfileplaces.patch
# Not Upstreamed? why not ? -- Rex
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
Patch201: kdelibs-4.9.x-CVE-2012-4515.patch
+Patch202: kdelibs-4.9.x-CVE-2012-4514.patch
# rhel patches
Patch300: kdelibs-4.8.3-webkit.patch
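Review bot: Patch202 is added directly under the "Not Upstreamed? why not ?" comment, but the patch file it names carries upstream commit 65464349951e0df9b5d80c2eb3cc7458d54923ae and FIXED-IN: 4.9.3. A comment line above Patch202 naming that upstream commit, and noting that the patch can be dropped once the package moves to 4.9.3, would keep this section accurate.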
@@ -340,6 +341,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
# security fixes
%patch200 -p1 -b .CVE-2009-2702
%patch201 -p1 -b .CVE-2012-4515
+%patch202 -p1 -b .CVE-2012-4514
# rhel patches
%if 0%{?rhel}
@@ -595,6 +597,9 @@ rm -rf %{buildroot}
%changelog
+* Wed Oct 31 2012 Than Ngo <than at redhat.com> - 6:4.9.2-11
+- Resolves: CVE-2012-4514
+
* Wed Oct 31 2012 Than Ngo <than at redhat.com> - 6:4.9.2-10
- Resolves: bz#871541, CVE-2012-4515
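Review bot: the new %changelog entry gives only "Resolves: CVE-2012-4514", whereas the entry just below it pairs its CVE with a tracking bug (bz#871541). Adding the corresponding bug reference, if one exists, and a few words on what was fixed (the crash when reusing a frame with a null part in khtml) would make the entry usable without looking up the CVE.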