Bug#970311: buster-pu: qt4-x11/4:4.8.7+dfsg-18 -> 4:4.8.7+dfsg-18+deb10u1

[Lisandro Damián Nicanor Pérez Meyer]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Dear stable release team,

I'd like to update qt4-x11 in stable in order to fix Debian bug
#970308 CVE-2020-17507
The security team decided not to issue a DSA but it would be good to
have it fixed non the less.

I'll be uploading to buster-p-u soon.

Thanks for considering it, Lisandro.

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

diff -Nru qt4-x11-4.8.7+dfsg/debian/changelog qt4-x11-4.8.7+dfsg/debian/changelog
--- qt4-x11-4.8.7+dfsg/debian/changelog	2019-04-12 17:10:28.000000000 -0300
+++ qt4-x11-4.8.7+dfsg/debian/changelog	2020-09-14 10:56:35.000000000 -0300
@@ -1,3 +1,10 @@
+qt4-x11 (4:4.8.7+dfsg-18+deb10u1) buster; urgency=medium
+
+  * Backport upstream patch to fix buffer overflow in XBM parser
+    (CVE-2020-17507, closes: #968444).
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisan...@debian.org>  Mon, 14 Sep 2020 10:56:35 -0300
+
 qt4-x11 (4:4.8.7+dfsg-18) unstable; urgency=medium
 
   * Team upload.
diff -Nru qt4-x11-4.8.7+dfsg/debian/patches/CVE-2020-17507.patch qt4-x11-4.8.7+dfsg/debian/patches/CVE-2020-17507.patch
--- qt4-x11-4.8.7+dfsg/debian/patches/CVE-2020-17507.patch	1969-12-31 21:00:00.000000000 -0300
+++ qt4-x11-4.8.7+dfsg/debian/patches/CVE-2020-17507.patch	2020-09-14 09:52:18.000000000 -0300
@@ -0,0 +1,21 @@
+Description: fix buffer overflow in XBM parser
+Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1616c71921b73b22
+Last-Update: 2020-08-18
+
+---
+ src/gui/image/qxbmhandler.cpp |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/src/gui/image/qxbmhandler.cpp
++++ b/src/gui/image/qxbmhandler.cpp
+@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *dev
+     w = (w+7)/8;                                // byte width
+ 
+     while (y < h) {                                // for all encoded bytes...
+-        if (p) {                                // p = "0x.."
++        if (p && p < (buf + readBytes - 3)) {      // p = "0x.."
++            if (!isxdigit(p[2]) || !isxdigit(p[3]))
++                return false;
+             *b++ = hex2byte(p+2);
+             p += 2;
+             if (++x == w && ++y < h) {
diff -Nru qt4-x11-4.8.7+dfsg/debian/patches/series qt4-x11-4.8.7+dfsg/debian/patches/series
--- qt4-x11-4.8.7+dfsg/debian/patches/series	2019-04-12 17:10:28.000000000 -0300
+++ qt4-x11-4.8.7+dfsg/debian/patches/series	2020-09-14 10:04:34.000000000 -0300
@@ -19,6 +19,7 @@
 CVE-2018-19871.patch
 CVE-2018-19872.patch
 CVE-2018-19873.patch
+CVE-2020-17507.patch
 
 # qt-copy patches
 0195-compositing-properties.diff