CVSROOT: /cvs Module name: xenocara Changes by: matth...@cvs.openbsd.org 2011/10/18 08:58:36
Modified files:
xserver/os : utils.c
Log message:
Fix CVE-2011-4028: File disclosure vulnerability.
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing file.
Note that xserver on OpenBSD isn't affected by CVE-2011-4029.
