Bug#1036563: unblock: qt6-svg/6.4.2-2

Mon, 22 May 2023 10:06:31 -0700 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qt6-...@packages.debian.org, delta...@debian.org, 
lisan...@debian.org
Control: affects -1 + src:qt6-svg

Please unblock package qt6-svg

[ Reason ]
Fixes CVE-2023-32573.

[ Impact ]
This patch avoids a crash when parsing malformed/crafted SVG files.

[ Tests ]
Done by upstream, it basically makes sures a variable has a default
value.

[ Risks ]
None that I can think of.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock qt6-svg/6.4.2-2

diff --git a/debian/changelog b/debian/changelog
index 41242b5..78f7594 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+qt6-svg (6.4.2-2) unstable; urgency=medium
+
+  * Team upload.
+  * Add patch to solve CVE-2023-32573.
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisan...@debian.org>  Mon, 22 May 
2023 10:48:50 -0300
+
 qt6-svg (6.4.2-1) unstable; urgency=medium
 
   [ Patrick Franz ]
diff --git a/debian/patches/cve-2023-32573.diff 
b/debian/patches/cve-2023-32573.diff
new file mode 100644
index 0000000..750f29e
--- /dev/null
+++ b/debian/patches/cve-2023-32573.diff
@@ -0,0 +1,37 @@
+---
+ src/svg/qsvgfont_p.h    |    5 ++---
+ src/svg/qsvghandler.cpp |    2 +-
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+--- a/src/svg/qsvgfont_p.h
++++ b/src/svg/qsvgfont_p.h
+@@ -38,6 +38,7 @@ public:
+ class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+ {
+ public:
++    static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+     QSvgFont(qreal horizAdvX);
+ 
+     void setFamilyName(const QString &name);
+@@ -50,9 +51,7 @@ public:
+     void draw(QPainter *p, const QPointF &point, const QString &str, qreal 
pixelSize, Qt::Alignment alignment) const;
+ public:
+     QString m_familyName;
+-    qreal m_unitsPerEm;
+-    qreal m_ascent;
+-    qreal m_descent;
++    qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+     qreal m_horizAdvX;
+     QHash<QChar, QSvgGlyph> m_glyphs;
+ };
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -2622,7 +2622,7 @@ static bool parseFontFaceNode(QSvgStyleP
+ 
+     qreal unitsPerEm = toDouble(unitsPerEmStr);
+     if (!unitsPerEm)
+-        unitsPerEm = 1000;
++        unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+ 
+     if (!name.isEmpty())
+         font->setFamilyName(name);
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..71efccf
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+# Fixed in 6.5.
+cve-2023-32573.diff

Reply via email to