summaryrefslogtreecommitdiffstats
path: root/kde/kdelibs/kdelibs.kssl.CVE-2011-3365.patch
diff options
context:
space:
mode:
Diffstat (limited to 'kde/kdelibs/kdelibs.kssl.CVE-2011-3365.patch')
-rw-r--r--kde/kdelibs/kdelibs.kssl.CVE-2011-3365.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/kde/kdelibs/kdelibs.kssl.CVE-2011-3365.patch b/kde/kdelibs/kdelibs.kssl.CVE-2011-3365.patch
new file mode 100644
index 0000000..d05e44b
--- /dev/null
+++ b/kde/kdelibs/kdelibs.kssl.CVE-2011-3365.patch
@@ -0,0 +1,24 @@
+commit 9ca2b26fc67c3f921e1943c1725fca623e395854
+Author: David Faure <faure@kde.org>
+Date: Thu Jun 30 23:43:45 2011 +0200
+
+ Security fix: don't interpret html tags
+
+ Credits to Tim Brown for the find.
+ (cherry picked from commit bd70d4e589711fda9ab07738c46e37eee8376214)
+
+diff --git a/kio/kssl/ksslcertificatebox.cpp b/kio/kssl/ksslcertificatebox.cpp
+index 4ffc613..094787a 100644
+--- a/kio/kssl/ksslcertificatebox.cpp
++++ b/kio/kssl/ksslcertificatebox.cpp
+@@ -36,6 +36,10 @@ KSslCertificateBox::KSslCertificateBox(QWidget *parent)
+ d(new KSslCertificateBoxPrivate())
+ {
+ d->ui.setupUi(this);
++ // No fooling us with html tags
++ Q_FOREACH(QLabel* label, qFindChildren<QLabel *>(this)) {
++ label->setTextFormat(Qt::PlainText);
++ }
+ }
+
+