Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: qtsvg-opensource-...@packages.debian.org Control: affects -1 + src:qtsvg-opensource-src
Please unblock package qtsvg-opensource-src. [ Reason ] This fixes a security bug. See: - https://security-tracker.debian.org/tracker/CVE-2023-32573 - https://www.qt.io/blog/security-advisory-qt-svg [ Impact ] Use of uninitialized variable which is undefined behavior, e.g. may lead to division by zero. [ Tests ] The upstream test suite is run during build. [ Risks ] The change is quite trivial, it just initializes the variable and uses a constant to keep the value in one place. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock qtsvg-opensource-src/5.15.8-3 -- Dmitry Shachnev
--- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +qtsvg-opensource-src (5.15.8-3) unstable; urgency=medium + + * Backport upstream commit to initialize QSvgFont::m_unitsPerEm + (CVE-2023-32573). + + -- Dmitry Shachnev <mity...@debian.org> Sun, 21 May 2023 19:06:01 +0300 + qtsvg-opensource-src (5.15.8-2) unstable; urgency=medium * Upload to unstable. --- /dev/null +++ b/debian/patches/CVE-2023-32573.diff @@ -0,0 +1,34 @@ +Description: QSvgFont: initialize m_unitsPerEm to fix undefined behavior +Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff +Last-Update: 2023-05-21 + +--- a/src/svg/qsvgfont_p.h ++++ b/src/svg/qsvgfont_p.h +@@ -74,6 +74,7 @@ public: + class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted + { + public: ++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000; + QSvgFont(qreal horizAdvX); + + void setFamilyName(const QString &name); +@@ -86,7 +87,7 @@ public: + void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const; + public: + QString m_familyName; +- qreal m_unitsPerEm; ++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM; + qreal m_ascent; + qreal m_descent; + qreal m_horizAdvX; +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -2666,7 +2666,7 @@ static bool parseFontFaceNode(QSvgStyleP + + qreal unitsPerEm = toDouble(unitsPerEmStr); + if (!unitsPerEm) +- unitsPerEm = 1000; ++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM; + + if (!name.isEmpty()) + font->setFamilyName(name); --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ reject_oversize_svgs.diff +CVE-2023-32573.diff
signature.asc
Description: PGP signature
