head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.6
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.4
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.2
	pkgsrc-2011Q4-base:1.2;
locks; strict;
comment	@# @;


1.2
date	2011.09.04.15.42.51;	author adam;	state dead;
branches;
next	1.1;

1.1
date	2011.08.30.22.18.31;	author drochner;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Qt 4.7.4 is a bug-fix release. It maintains both forward and backward
compatibility (source and binary) with Qt 4.7.0.  For more details,
refer to the online documentation included in this distribution. The
documentation is also available online.
  http:
@
text
@$NetBSD: patch-db,v 1.1 2011/08/30 22:18:31 drochner Exp $

CVE-2011-3193

--- src/3rdparty/harfbuzz/src/harfbuzz-gpos.c.orig	2011-03-30 05:19:01.000000000 +0000
+++ src/3rdparty/harfbuzz/src/harfbuzz-gpos.c
@@@@ -3012,6 +3012,9 @@@@ static HB_Error  Lookup_MarkMarkPos( GPO
     j--;
   }
 
+  if ( i > buffer->in_pos )
+    return HB_Err_Not_Covered;
+
   error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ),
 			  &mark2_index );
   if ( error )
@


1.1
log
@add 2 patches from upstream to fix possible buffer overflows
(CVE-2011-3193, CVE-2011-3194)
bump PKGREV
@
text
@d1 1
a1 1
$NetBSD$
@