Module Name: src
Committed By: msaitoh
Date: Wed May 14 05:24:46 UTC 2014
Modified Files:
src/doc [netbsd-5]: CHANGES-5.3
Log Message:
Ticket 1905.
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.53 -r1.1.2.54 src/doc/CHANGES-5.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-5.3
diff -u src/doc/CHANGES-5.3:1.1.2.53 src/doc/CHANGES-5.3:1.1.2.54
--- src/doc/CHANGES-5.3:1.1.2.53 Wed May 14 05:15:06 2014
+++ src/doc/CHANGES-5.3 Wed May 14 05:24:46 2014
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.3,v 1.1.2.53 2014/05/14 05:15:06 msaitoh Exp $
+# $NetBSD: CHANGES-5.3,v 1.1.2.54 2014/05/14 05:24:46 msaitoh Exp $
A complete list of changes from the NetBSD 5.2 release to the NetBSD 5.3
release:
@@ -774,3 +774,19 @@ src/sys/compat/linux/common/linux_exec_e
chs@/enami@
[maxv, ticket #1902]
+
+xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c 1.2
+xsrc/external/mit/libXfont/dist/src/fc/fserve.c 1.2
+xsrc/external/mit/libXfont/dist/src/fontfile/dirfile.c 1.2
+xsrc/xfree/xc/lib/font/fc/fsconvert.c 1.5
+xsrc/xfree/xc/lib/font/fc/fserve.c 1.5
+xsrc/xfree/xc/lib/font/fontfile/dirfile.c 1.5
+
+ Fix multiple vulnerabilities in libXfont:
+ - CVE-2014-0209: integer overflow of allocations in font metadata
+ file parsing
+ - CVE-2014-0210: unvalidated length fields when parsing xfs protocol
+ replies
+ - CVE-2014-0211: integer overflows calculating memory needs for xfs
+ replies
+ [spz, ticket #1905]
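Review bot: the added libXfont entry puts all three CVEs under a single six-file list and does not say which file revision addresses which CVE. Going only by the descriptions, CVE-2014-0209 (font metadata file parsing) appears to correspond to the fontfile/dirfile.c changes, and CVE-2014-0210 and CVE-2014-0211 (xfs protocol replies) to the fc/fsconvert.c and fc/fserve.c changes. If that mapping is right, stating it in the entry would let someone auditing a netbsd-5 system tell whether a given fix concerns local font directories or an xfs font server. Listing both the xsrc/external/mit and xsrc/xfree copies is useful and should stay, since it lets a reader confirm that both trees were covered by ticket #1905.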