Module Name:    src
Committed By:   msaitoh
Date:           Wed May 14 03:56:31 UTC 2014

Modified Files:
        src/doc [netbsd-6-0]: CHANGES-6.0.6

Log Message:
Ticket 1063.


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.4 -r1.1.2.5 src/doc/CHANGES-6.0.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.0.6
diff -u src/doc/CHANGES-6.0.6:1.1.2.4 src/doc/CHANGES-6.0.6:1.1.2.5
--- src/doc/CHANGES-6.0.6:1.1.2.4	Mon Apr 21 21:04:27 2014
+++ src/doc/CHANGES-6.0.6	Wed May 14 03:56:31 2014
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.6,v 1.1.2.4 2014/04/21 21:04:27 bouyer Exp $
+# $NetBSD: CHANGES-6.0.6,v 1.1.2.5 2014/05/14 03:56:31 msaitoh Exp $
 
 A complete list of changes from the NetBSD 6.0.5 release to the NetBSD 6.0.6
 release:
@@ -73,3 +73,18 @@ sys/compat/linux/common/linux_exec_elf32
 	Rewrite the code so that we don't need to allocate the whole section.
 	[maxv, ticket #1051]
 
+xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c	1.2
+xsrc/external/mit/libXfont/dist/src/fc/fserve.c		1.2
+xsrc/external/mit/libXfont/dist/src/fontfile/dirfile.c	1.2
+xsrc/xfree/xc/lib/font/fc/fsconvert.c			1.5
+xsrc/xfree/xc/lib/font/fc/fserve.c			1.5
+xsrc/xfree/xc/lib/font/fontfile/dirfile.c		1.5
+
+	Fix multiple vulnerabilities in libXfont:
+	- CVE-2014-0209: integer overflow of allocations in font metadata
+	  file parsing
+	- CVE-2014-0210: unvalidated length fields when parsing xfs protocol
+	  replies
+	- CVE-2014-0211: integer overflows calculating memory needs for xfs
+	  replies
+	[spz, ticket #1063]
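Review bot: the three CVE bullets in the new libXfont entry do not say which of the six listed files carries which fix. The entry covers fsconvert.c, fserve.c and dirfile.c in two separate trees (xsrc/external/mit/libXfont and xsrc/xfree/xc/lib/font). Consider naming the affected file or files after each bullet, so that someone auditing the pull-up can confirm that each of CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211 is addressed in both trees and not only in one.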
