[qt/f15] CVE-2011-3922, stack-based buffer overflow in embedded harfbuzz code

Than Ngo than at fedoraproject.org
Mon Jan 9 12:32:40 UTC 2012


commit 5d38d7b042649ae0218ccd847fc9f05a9e54267f
Author: Than Ngo <than at redhat.com>
Date:   Mon Jan 9 13:32:32 2012 +0100

    CVE-2011-3922, stack-based buffer overflow in embedded harfbuzz code

 qt-4.8.0-CVE-2011-3922-bz#772125.patch |   12 ++++++++++++
 qt.spec                                |    9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/qt-4.8.0-CVE-2011-3922-bz#772125.patch b/qt-4.8.0-CVE-2011-3922-bz#772125.patch
new file mode 100644
index 0000000..31f3b9f
--- /dev/null
+++ b/qt-4.8.0-CVE-2011-3922-bz#772125.patch
@@ -0,0 +1,12 @@
+--- qt-4/src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c.bz#772125	2012-01-09 10:16:08.000000000 +0100
++++ qt-4/src/3rdparty/harfbuzz/src/harfbuzz-myanmar.c	2012-01-09 10:16:47.000000000 +0100
+@@ -359,7 +359,8 @@
+         if (kinzi >= 0 && i > base && (cc & Mymr_CF_AFTER_KINZI)) {
+             reordered[len] = Mymr_C_NGA;
+             reordered[len+1] = Mymr_C_VIRAMA;
+-            properties[len-1] = AboveForm;
++            if (len > 0)
++                properties[len-1] = AboveForm;
+             properties[len] = AboveForm;
+             len += 2;
+             kinzi = -1;
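Review bot: The added `if (len > 0)` guard only closes the underflow write to `properties[len-1]`; the neighbouring writes `reordered[len+1]` and `properties[len]`, followed by `len += 2`, remain unbounded above within this hunk, and whether they can exceed the arrays' sizes cannot be judged here because the array declarations and the rest of the enclosing function lie outside the hunk. A why-comment would help the next reader, since the guard otherwise looks like a stray check, e.g. `/* len can still be 0 here (presumably no glyph emitted yet); guard the properties[-1] write */`, with the "presumably" confirmed against the loop head above line 359. It is also worth recording in the commit message or the spec comment whether the upper-bound side was reviewed, so the CVE fix is not taken to cover more than this one write.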
diff --git a/qt.spec b/qt.spec
index 8d79849..8bfa602 100644
--- a/qt.spec
+++ b/qt.spec
@@ -18,7 +18,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.7.4
-Release: 8%{?dist}
+Release: 9%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@@ -114,7 +114,10 @@ Patch202: 0002-This-patch-makes-override-redirect-windows-popup-men.patch
 Patch205: 0005-When-tabs-are-inserted-or-removed-in-a-QTabBar.patch
 
 # security patches
+# CVE-2010-1822, WebKit: DoS (crash) by processing certain SVG images
 Patch300: qt-everywhere-opensource-src-4.7.0-CVE-2010-1822-crash-svg-image.patch
+# CVE-2011-3922, stack-based buffer overflow in embedded harfbuzz code
+Patch301: qt-4.8.0-CVE-2011-3922-bz#772125.patch
 
 # gstreamer logos
 Source10: http://gstreamer.freedesktop.org/data/images/artwork/gstreamer-logo.svg
@@ -560,6 +563,7 @@ Qt libraries used for drawing widgets and OpenGL items.
 
 # security fixes
 %patch300 -p1 -b .CVE-2010-1822-crash-svg-image
+%patch301 -p1 -b .CVE-2011-3922-bz#772125
 
 # drop -fexceptions from $RPM_OPT_FLAGS
 RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
@@ -1305,6 +1309,9 @@ fi
 
 
 %changelog
+* Mon Jan 09 2012 Than Ngo <than at redhat.com> - 1:4.7.4-9
+- bz#772128, CVE-2011-3922, Stack-based buffer overflow in embedded harfbuzz code
+
 * Tue Dec 27 2011 Rex Dieter <rdieter at fedoraproject.org> 1:4.7.4-8
 - filter event patch, an attempt to avoid "ghost entries in kde taskbar" problem
 
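Review bot: The new changelog line `- bz#772128, CVE-2011-3922, Stack-based buffer overflow in embedded harfbuzz code` cites bug 772128, while the patch file name and the backup suffix in `%patch301 -p1 -b .CVE-2011-3922-bz#772125` cite 772125; one of these is likely a typo, so confirm which Bugzilla id is intended and make the changelog, the Patch301 comment and the file name agree. Separately, the patch is named `qt-4.8.0-CVE-2011-3922-bz#772125.patch` although the spec's `Version:` is 4.7.4; this is harmless for the build but misleading, so either rename it to the version it is applied to or extend the Patch301 comment with a note such as `# backported from the 4.8.0 fix`.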

