CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2012/04/10 05:59:44
Modified files:
www/links+ : Makefile distinfo
www/links+/patches: patch-html_c
Removed files:
www/links+/patches: patch-dip_c
Log message:
Security update to links 2.6, fixes include:
- Buffer overflow when pasting too long text from clipboard to dialog
boxes (not remotely exploitable)
- A write out of allocated memory in the graphics renderer
(potentially exploitable)
- An infinite loop when parsing invalid usemap specification in text and
graphics mode (can cause browser lockup, but not otherwise exploitable)
- Accesses out of memory in the xbm decoder (potentially exploitable)
Also drop dip.c patch to resolve crashes with libpng 1.5, upstream
appears to have fixed this separately in the update to 2.5.
Thanks jasper@ for additional testing.
