diff options
Diffstat (limited to 'kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch')
-rw-r--r-- | kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch b/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch new file mode 100644 index 000000000000..21108ae1fb6f --- /dev/null +++ b/kde-apps/messagelib/files/messagelib-18.08.3-CVE-2018-19516.patch @@ -0,0 +1,29 @@ +From 1fd737870f5a9c5bf44ad9fbd153ab4cf44e135d Mon Sep 17 00:00:00 2001 +From: Laurent Montel <montel@kde.org> +Date: Fri, 23 Nov 2018 07:37:02 +0100 +Subject: [PATCH] Exclude Refresh from MetaData (Not necessary) + +--- + .../src/messagepartthemes/default/defaultrenderer.cpp | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp b/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp +index a7ffe824..d5d41cf6 100644 +--- a/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp ++++ b/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp +@@ -308,6 +308,12 @@ QString processHtml(const QString &htmlSource, QString &extraHead) + return htmlSource; + } + extraHead = s.mid(startIndex + 6 , endIndex - startIndex - 6); ++ ++ //Don't authorize to refresh content. ++ if (s.contains(QStringLiteral("http-equiv=\"REFRESH\""), Qt::CaseInsensitive)) { ++ extraHead.clear(); ++ } ++ + s = s.mid(endIndex + 7).trimmed(); + } + +-- +2.19.2 + |