[kdelibs/f13/master] CVE-2011-1168, Konqueror Partially Universal XSS in Error Pages

Mon Apr 11 14:55:30 UTC 2011

commit 5dd308059d077ddf0209c3eb2fd2bf6988ba447b
Author: Than Ngo <than at redhat.com>
Date:   Mon Apr 11 16:55:18 2011 +0200

    CVE-2011-1168, Konqueror Partially Universal XSS in Error Pages

 kdelibs-4.5.5-CVE-2011-1168.patch |   15 +++++++++++++++
 kdelibs.spec                      |    9 ++++++++-
 2 files changed, 23 insertions(+), 1 deletions(-)
---

diff --git a/kdelibs-4.5.5-CVE-2011-1168.patch b/kdelibs-4.5.5-CVE-2011-1168.patch
new file mode 100644
index 0000000..438e306
--- /dev/null
+++ b/kdelibs-4.5.5-CVE-2011-1168.patch
@@ -0,0 +1,15 @@
+diff -up kdelibs-4.5.5/khtml/khtml_part.cpp.me kdelibs-4.5.5/khtml/khtml_part.cpp
+--- kdelibs-4.5.5/khtml/khtml_part.cpp.me	2011-04-11 16:48:49.000000000 +0200
++++ kdelibs-4.5.5/khtml/khtml_part.cpp	2011-04-11 16:50:27.000000000 +0200
+@@ -1803,7 +1803,10 @@ void KHTMLPart::htmlError( int errorCode
+   stream >> errorName >> techName >> description >> causes >> solutions;
+ 
+   QString url, protocol, datetime;
+-  url = Qt::escape( reqUrl.prettyUrl() );
++
++  // This is somewhat confusing, but we have to escape the externally-
++  // controlled URL twice: once for i18n, and once for HTML.
++  url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
+   protocol = reqUrl.protocol();
+   datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
+                                                 KLocale::LongDate );
diff --git a/kdelibs.spec b/kdelibs.spec
index eb1bf05..123f2cb 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -16,7 +16,7 @@
 
 Summary: KDE Libraries
 Version: 4.5.5
-Release: 0.1%{?dist}
+Release: 2%{?dist}
 
 Name: kdelibs
 Epoch: 6
@@ -110,6 +110,9 @@ Patch151: kdelibs-4.5.2-plasma_wallpaper_configchanged.patch
 ## security fix
 # Not Upstreamed? why not ? -- Rex
 Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
+# Konqueror Partially Universal XSS in Error Pages
+# http://www.kde.org/info/security/advisory-20110411-1.txt
+Patch201: kdelibs-4.5.5-CVE-2011-1168.patch
 
 %if 0%{?fedora} && 0%{?fedora} < 13
 Conflicts: kdebase-workspace-libs < 4.3.80
@@ -276,6 +279,7 @@ format for use with the Qt 4 Assistant or KDevelop 4.
 
 # security fix
 %patch200 -p1 -b .CVE-2009-2702
+%patch201 -p1 -b .CVE-2011-1168
 
 # add release version as part of branding (suggested by cailon)
 sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanager.cpp
@@ -518,6 +522,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Mon Apr 11 2011 Than Ngo <than at redhat.com> - 4.5.5-2
+- CVE-2011-1168, Konqueror Partially Universal XSS in Error Pages
+
 * Wed Jan 05 2011 Rex Dieter <rdieter at fedoraproject.org> 4.5.5-1
 - 4.5.5
 
