On Sun, Feb 15, 2015 at 3:01 PM, Michael DePaulo <mikedep...@gmail.com> wrote:
> On Sun, Feb 15, 2015 at 2:11 PM, Mihai Moldovan <io...@ionic.de> wrote:
>> On 14.02.2015 05:47 PM, git-ad...@x2go.org wrote:
>>> This is an automated email from the git hooks/post-receive script.
>>>
>>> x2go pushed a commit to branch 3.6.x
>>> in repository nx-libs.
>>>
>>> commit af55da1e9c1a6a352b24823a8f7062c288ffbbc0
>>> Author: Mike DePaulo <mikedep...@gmail.com>
>>> Date: Sun Feb 8 19:15:20 2015 -0500
>>>
>>> LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit
>>> d11ee5886e9d9ec610051a206b135a4cdc1e09a0
>>>
>>> Specially crafted LZW stream can crash an application using libXfont
>>> that is used to open untrusted font files. With X server, this may
>>> allow privilege escalation when exploited
>>> ---
>>> nx-X11/lib/font/fontfile/decompress.c | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/nx-X11/lib/font/fontfile/decompress.c
>>> b/nx-X11/lib/font/fontfile/decompress.c
>>> index a4c5468..553b315 100644
>>> --- a/nx-X11/lib/font/fontfile/decompress.c
>>> +++ b/nx-X11/lib/font/fontfile/decompress.c
>>> @@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f)
>>> */
>>> while ( code >= 256 )
>>> {
>>> + if (stackp - de_stack >= STACK_SIZE - 1)
>>> + return BUFFILEEOF;
>> Personally, I would have written that as
>> if ((stackp - de_stack) >= (STACK_SIZE - 1))
>>
>> But that's my personal style and I like to over-parenthesize.
> Both the upstream commit and the RHEL5 patch have it written this way,
> but I agree that your style is better.
>
> http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0
>
> ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/libXfont-1.2.2-1.0.6.el5_11.src.rpm
> (cve-2011-2895.patch)
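Review bot: the guard added at the top of the `while ( code >= 256 )` body stops one entry short of the array, at `STACK_SIZE - 1`, so a stream that would exactly fill `de_stack` is rejected as well; that is the safe direction for an off-by-one, but a one-line comment stating that the last slot is deliberately reserved would save the next reader from "fixing" it back to `STACK_SIZE`. Also worth noting that the overflow case is reported as `BUFFILEEOF`, the same value a legitimately truncated font produces, so a caller cannot tell a crafted stream from a short file; if the surrounding code has a distinct error return, using it here (or at least logging once) would make detection of malformed fonts possible without changing the crash-prevention behaviour.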
On a related note, upstream has this follow-up commit:
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=bd48ad11fd11412c62c3ac8ed5d52c4f10a985aa
It was not backported to RHEL5 though.

_______________________________________________
x2go-dev mailing list
x2go-dev@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-dev