Control: close -1 Closing (and agreeing on this) by use request.
Mike On Mo 02 Feb 2015 21:39:50 CET, Heinrich Schuchardt wrote:
Squeeze reached end of life. Package libc6 in wheezy is patched against the bug. Package libc6 in jessie is not vulnerable as it uses a newer libc6 release. So I think we should close this bug and concentrate on updating our mesa code to the newest version instead of patching some old version. Best regards Heinrich On 31.01.2015 16:04, Mike Gabriel wrote:Hi Heinrich, On Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:package: nx-libs version: head In different parts of the nx-libs library you can find usages of scanf like /* check for MESA_GAMMA environment variable */ gamma = _mesa_getenv("MESA_GAMMA"); if (gamma) { v->RedGamma = v->GreenGamma = v->BlueGamma = 0.0; sscanf( gamma, "%f %f %f", &v->RedGamma, &v->GreenGamma, &v->BlueGamma ); According to cppcheck: scanf without field width limits can crash with huge input data on libc versions older than 2.13-25. Add a field width specifier to fix this problem: %i => %3iAny chance you could also provide a patch for this? Mike
-- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpy0zSXIyntq.pgp
Description: Digitale PGP-Signatur
_______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
