From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Date: Thu, 29 Feb 2024 21:45:27 +0000 (+0000)
Subject: cve-2023-32762
X-Git-Tag: archive/raspbian/6.4.2+dfsg-21.1+rpi1^2~16
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=85210ddb483a8c2cc673059c072a16f408c6a562;p=qt6-base.git

cve-2023-32762


Gbp-Pq: Name cve-2023-32762.diff
---

diff --git a/src/network/access/qhsts.cpp b/src/network/access/qhsts.cpp
index 39905f35..26d9f369 100644
--- a/src/network/access/qhsts.cpp
+++ b/src/network/access/qhsts.cpp
@@ -328,7 +328,7 @@ bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &header
 {
     for (const auto &h : headers) {
         // We use '==' since header name was already 'trimmed' for us:
-        if (h.first == "Strict-Transport-Security") {
+        if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
             header = h.second;
             // RFC6797, 8.1:
             //