Module Name: src
Committed By: msaitoh
Date: Wed May 14 03:52:21 UTC 2014
Modified Files:
src/doc [netbsd-6]: CHANGES-6.2
Log Message:
Ticket 1063.
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.108 -r1.1.2.109 src/doc/CHANGES-6.2
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.108 src/doc/CHANGES-6.2:1.1.2.109
--- src/doc/CHANGES-6.2:1.1.2.108 Wed Apr 30 05:38:31 2014
+++ src/doc/CHANGES-6.2 Wed May 14 03:52:21 2014
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.108 2014/04/30 05:38:31 msaitoh Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.109 2014/05/14 03:52:21 msaitoh Exp $
A complete list of changes from the 6.1 release until the 6.2 release:
@@ -2192,3 +2192,19 @@ lib/libc/net/sethostent.c 1.20
Fix memory leak. This bug was introduced after releasing NetBSD 6.1.
[christos, ticket #1036]
+
+xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c 1.2
+xsrc/external/mit/libXfont/dist/src/fc/fserve.c 1.2
+xsrc/external/mit/libXfont/dist/src/fontfile/dirfile.c 1.2
+xsrc/xfree/xc/lib/font/fc/fsconvert.c 1.5
+xsrc/xfree/xc/lib/font/fc/fserve.c 1.5
+xsrc/xfree/xc/lib/font/fontfile/dirfile.c 1.5
+
+ Fix multiple vulnerabilities in libXfont:
+ - CVE-2014-0209: integer overflow of allocations in font metadata
+ file parsing
+ - CVE-2014-0210: unvalidated length fields when parsing xfs protocol
+ replies
+ - CVE-2014-0211: integer overflows calculating memory needs for xfs
+ replies
+ [spz, ticket #1063]
