Module Name: src
Committed By: msaitoh
Date: Wed May 14 05:26:31 UTC 2014
Modified Files:
src/doc [netbsd-5-1]: CHANGES-5.1.5
Log Message:
Ticket 1905.
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.4 -r1.1.2.5 src/doc/CHANGES-5.1.5
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-5.1.5
diff -u src/doc/CHANGES-5.1.5:1.1.2.4 src/doc/CHANGES-5.1.5:1.1.2.5
--- src/doc/CHANGES-5.1.5:1.1.2.4 Wed May 14 05:18:26 2014
+++ src/doc/CHANGES-5.1.5 Wed May 14 05:26:31 2014
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.1.5,v 1.1.2.4 2014/05/14 05:18:26 msaitoh Exp $
+# $NetBSD: CHANGES-5.1.5,v 1.1.2.5 2014/05/14 05:26:31 msaitoh Exp $
A complete list of changes from the NetBSD 5.1.4 release to the NetBSD 5.1.5
release:
@@ -58,3 +58,19 @@ src/sys/compat/linux/common/linux_exec_e
chs@/enami@
[maxv, ticket #1902]
+
+xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c 1.2
+xsrc/external/mit/libXfont/dist/src/fc/fserve.c 1.2
+xsrc/external/mit/libXfont/dist/src/fontfile/dirfile.c 1.2
+xsrc/xfree/xc/lib/font/fc/fsconvert.c 1.5
+xsrc/xfree/xc/lib/font/fc/fserve.c 1.5
+xsrc/xfree/xc/lib/font/fontfile/dirfile.c 1.5
+
+ Fix multiple vulnerabilities in libXfont:
+ - CVE-2014-0209: integer overflow of allocations in font metadata
+ file parsing
+ - CVE-2014-0210: unvalidated length fields when parsing xfs protocol
+ replies
+ - CVE-2014-0211: integer overflows calculating memory needs for xfs
+ replies
+ [spz, ticket #1905]
