summaryrefslogtreecommitdiffstats
path: root/kde/patch/kdelibs/kdelibs.kssl.CVE-2011-3365.patch
diff options
context:
space:
mode:
Diffstat (limited to 'kde/patch/kdelibs/kdelibs.kssl.CVE-2011-3365.patch')
-rw-r--r--kde/patch/kdelibs/kdelibs.kssl.CVE-2011-3365.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/kde/patch/kdelibs/kdelibs.kssl.CVE-2011-3365.patch b/kde/patch/kdelibs/kdelibs.kssl.CVE-2011-3365.patch
new file mode 100644
index 0000000..b44b865
--- /dev/null
+++ b/kde/patch/kdelibs/kdelibs.kssl.CVE-2011-3365.patch
@@ -0,0 +1,24 @@
+commit bd70d4e589711fda9ab07738c46e37eee8376214
+Author: David Faure <faure@kde.org>
+Date: Thu Jun 30 23:43:45 2011 +0200
+
+ Security fix: don't interpret html tags
+
+ Credits to Tim Brown for the find.
+
+diff --git a/kio/kssl/ksslcertificatebox.cpp b/kio/kssl/ksslcertificatebox.cpp
+index 4ffc613..094787a 100644
+--- a/kio/kssl/ksslcertificatebox.cpp
++++ b/kio/kssl/ksslcertificatebox.cpp
+@@ -36,6 +36,10 @@ KSslCertificateBox::KSslCertificateBox(QWidget *parent)
+ d(new KSslCertificateBoxPrivate())
+ {
+ d->ui.setupUi(this);
++ // No fooling us with html tags
++ Q_FOREACH(QLabel* label, qFindChildren<QLabel *>(this)) {
++ label->setTextFormat(Qt::PlainText);
++ }
+ }
+
+
+