CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2022/10/06 11:10:21
Modified files:
x11/dbus : Tag: OPENBSD_7_1 Makefile
Added files:
x11/dbus/patches: Tag: OPENBSD_7_1
patch-dbus_dbus-marshal-byteswap_c
patch-dbus_dbus-marshal-validate_c
Log message:
Merge security fixes from upstream.
CVE-2022-42010
A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example.
CVE-2022-42011
An invalid array of fixed-length elements where the length of the array
is not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
This was a regression in version 1.3.0.
CVE-2022-42012
A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. This was a regression in
version 1.3.0.
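
The nesting rule behind CVE-2022-42010, shown as an added illustration; this is not the upstream D-Bus patch and not code from this commit. It checks only that parentheses and curly brackets in a type signature are correctly nested; the function name `sig_nesting_ok` and the `MAX_DEPTH` cap are assumptions made for this sketch, and type codes themselves are not validated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_SIG_LEN 255  /* D-Bus limit on signature length */
#define MAX_DEPTH   32   /* assumed container depth cap for this sketch */

/* Returns true when every '(' and '{' is closed by its own closer in
 * the right order, '{' appears only as an array element ("a{"), and no
 * container is empty. Hypothetical helper, not a libdbus function. */
bool sig_nesting_ok(const char *sig)
{
    char stack[MAX_DEPTH];          /* open brackets seen so far */
    size_t depth = 0, len = strlen(sig);

    if (len > MAX_SIG_LEN)
        return false;
    for (size_t i = 0; i < len; i++) {
        char c = sig[i];
        switch (c) {
        case '(':
        case '{':
            if (c == '{' && (i == 0 || sig[i - 1] != 'a'))
                return false;       /* dict entry outside an array */
            if (depth == MAX_DEPTH)
                return false;       /* nested too deeply */
            stack[depth++] = c;
            break;
        case ')':
        case '}':
            if (depth == 0)
                return false;       /* closer with nothing open */
            if (stack[depth - 1] != (c == ')' ? '(' : '{'))
                return false;       /* wrong closer, e.g. "(a{ii)}" */
            if (sig[i - 1] == '(' || sig[i - 1] == '{')
                return false;       /* empty container */
            depth--;
            break;
        default:
            break;                  /* type codes are not checked here */
        }
    }
    return depth == 0;              /* false if a container is unclosed */
}
```
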