Bug#970311: buster-pu: qt4-x11/4:4.8.7+dfsg-18 -> 4:4.8.7+dfsg-18+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Dear stable release team,
I'd like to update qt4-x11 in stable in order to fix Debian bug
#970308 CVE-2020-17507
The security team decided not to issue a DSA but it would be good to
have it fixed non the less.
I'll be uploading to buster-p-u soon.
Thanks for considering it, Lisandro.
--
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
diff -Nru qt4-x11-4.8.7+dfsg/debian/changelog qt4-x11-4.8.7+dfsg/debian/changelog
--- qt4-x11-4.8.7+dfsg/debian/changelog 2019-04-12 17:10:28.000000000 -0300
+++ qt4-x11-4.8.7+dfsg/debian/changelog 2020-09-14 10:56:35.000000000 -0300
@@ -1,3 +1,10 @@
+qt4-x11 (4:4.8.7+dfsg-18+deb10u1) buster; urgency=medium
+
+ * Backport upstream patch to fix buffer overflow in XBM parser
+ (CVE-2020-17507, closes: #968444).
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> Mon, 14 Sep 2020 10:56:35 -0300
+
qt4-x11 (4:4.8.7+dfsg-18) unstable; urgency=medium
* Team upload.
diff -Nru qt4-x11-4.8.7+dfsg/debian/patches/CVE-2020-17507.patch qt4-x11-4.8.7+dfsg/debian/patches/CVE-2020-17507.patch
--- qt4-x11-4.8.7+dfsg/debian/patches/CVE-2020-17507.patch 1969-12-31 21:00:00.000000000 -0300
+++ qt4-x11-4.8.7+dfsg/debian/patches/CVE-2020-17507.patch 2020-09-14 09:52:18.000000000 -0300
@@ -0,0 +1,21 @@
+Description: fix buffer overflow in XBM parser
+Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1616c71921b73b22
+Last-Update: 2020-08-18
+
+---
+ src/gui/image/qxbmhandler.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/src/gui/image/qxbmhandler.cpp
++++ b/src/gui/image/qxbmhandler.cpp
+@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *dev
+ w = (w+7)/8; // byte width
+
+ while (y < h) { // for all encoded bytes...
+- if (p) { // p = "0x.."
++ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
++ if (!isxdigit(p[2]) || !isxdigit(p[3]))
++ return false;
+ *b++ = hex2byte(p+2);
+ p += 2;
+ if (++x == w && ++y < h) {
diff -Nru qt4-x11-4.8.7+dfsg/debian/patches/series qt4-x11-4.8.7+dfsg/debian/patches/series
--- qt4-x11-4.8.7+dfsg/debian/patches/series 2019-04-12 17:10:28.000000000 -0300
+++ qt4-x11-4.8.7+dfsg/debian/patches/series 2020-09-14 10:04:34.000000000 -0300
@@ -19,6 +19,7 @@
CVE-2018-19871.patch
CVE-2018-19872.patch
CVE-2018-19873.patch
+CVE-2020-17507.patch
# qt-copy patches
0195-compositing-properties.diff
Reply to: