[qt] bz#772128, CVE-2011-3922, Stack-based buffer overflow in embedded harfbuzz code

Than Ngo than at fedoraproject.org
Mon Jan 9 09:29:57 UTC 2012


commit f1d2a1410f2a75a1fdc1436a20fdd0c67004a9f6
Author: Than Ngo <than at redhat.com>
Date:   Mon Jan 9 10:29:49 2012 +0100

    bz#772128, CVE-2011-3922, Stack-based buffer overflow in embedded harfbuzz code

 qt-4.8.0-CVE-2011-3922-bz#772125.patch |   12 ++++++++++++
 qt.spec                                |    8 +++++++-
 2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/qt-4.8.0-CVE-2011-3922-bz#772125.patch b/qt-4.8.0-CVE-2011-3922-bz#772125.patch
new file mode 100644
index 0000000..48366de
--- /dev/null
+++ b/qt-4.8.0-CVE-2011-3922-bz#772125.patch
@@ -0,0 +1,12 @@
+--- src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c.bz#772125	2012-01-09 10:16:08.000000000 +0100
++++ src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c	2012-01-09 10:16:47.000000000 +0100
+@@ -359,7 +359,8 @@
+         if (kinzi >= 0 && i > base && (cc & Mymr_CF_AFTER_KINZI)) {
+             reordered[len] = Mymr_C_NGA;
+             reordered[len+1] = Mymr_C_VIRAMA;
+-            properties[len-1] = AboveForm;
++            if (len > 0)
++                properties[len-1] = AboveForm;
+             properties[len] = AboveForm;
+             len += 2;
+             kinzi = -1;
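Review bot: The new `if (len > 0)` guard stops the store to `properties[len-1]` when `len` is 0, but the three neighbouring stores in the same branch, `reordered[len]`, `reordered[len+1]` and `properties[len]`, still have no upper bound visible in this hunk. The array declarations and the loop that advances `len` start outside the hunk, so confirm against the full function that `len + 2` cannot exceed the capacity of either array for the longest syllable a caller can pass. A short comment on the guard would also help later readers, for example `/* nothing emitted yet: no previous slot to mark (CVE-2011-3922) */`, and bracing the one-line `if` body would keep a future edit from slipping a second statement outside the check.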
diff --git a/qt.spec b/qt.spec
index b69ac59..f7585e8 100644
--- a/qt.spec
+++ b/qt.spec
@@ -11,7 +11,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.8.0
-Release: 5%{?dist}
+Release: 6%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@@ -110,6 +110,8 @@ Patch79: qt-everywhere-opensource-src-4.8.0-qvfb.patch
 # upstream patches
 
 # security patches
+# CVE-2011-3922 qt: Stack-based buffer overflow in embedded harfbuzz code
+Patch200: qt-4.8.0-CVE-2011-3922-bz#772125.patch
 
 # desktop files
 Source20: assistant.desktop
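Review bot: The patch file name added as `Patch200` carries `bz#772125`, while the commit title and the %changelog entry both cite `bz#772128`. If these are two distinct bugs (for example a tracker bug and a per-release bug), the comment above `Patch200` should name both so the fix can be traced from either number; if one is a typo, the file name or the changelog should be corrected. It may also be worth dropping the `#` from the file name, since it is awkward to quote in shell and in URLs.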
@@ -439,6 +441,7 @@ popd
 # upstream patches
 
 # security fixes
+%patch200 -p1 -b .CVE-2011-3922
 
 # drop -fexceptions from $RPM_OPT_FLAGS
 RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
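Review bot: `%patch200 -p1` strips one leading path component, but the headers inside the new patch file read `--- src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c.bz#772125` and `+++ src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c`, so there is no leading directory to strip. If this step runs from the top of the unpacked Qt tree (the working directory is set outside this hunk), patch would look for `3rdparty/harfbuzz/src/harfbuzz-myanmar.c` and the security fix would likely not apply. Either apply it with `%patch200 -p0 -b .CVE-2011-3922` or regenerate the patch with a leading directory component. Then check the %prep output to confirm that harfbuzz-myanmar.c was actually patched in the built package.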
@@ -1061,6 +1064,9 @@ fi
 
 
 %changelog
+* Mon Jan 09 2012 Than Ngo <than at redhat.com> - 4.8.0-6
+- bz#772128, CVE-2011-3922, Stack-based buffer overflow in embedded harfbuzz code
+
 * Tue Dec 27 2011 Rex Dieter <rdieter at fedoraproject.org> 4.8.0-5
 - fix qvfb 
 

