On 14.02.2015 05:47 PM, [email protected] wrote: > This is an automated email from the git hooks/post-receive script. > > x2go pushed a commit to branch 3.6.x > in repository nx-libs. > > commit b65259bf3bcca15b5069cb7a6c06f95a40f79813 > Author: Mike DePaulo <[email protected]> > Date: Sun Feb 8 22:38:32 2015 -0500 > > CVE-2014-0210: unvalidated length fields in fs_read_list_info() from > xorg/lib/libXfont commit d338f81df1e188eb16e1d6aeea7f4800f89c1218 > > fs_read_list_info() parses a reply from the font server. The reply > contains a number of additional data items with embedded length or > count fields, none of which are validated. This can cause out of > bound reads when looping over these items in the reply. > --- > nx-X11/lib/font/fc/fserve.c | 56 > ++++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 55 insertions(+), 1 deletion(-) > > diff --git a/nx-X11/lib/font/fc/fserve.c b/nx-X11/lib/font/fc/fserve.c > index 60d9017..6ba3ad4 100644 > --- a/nx-X11/lib/font/fc/fserve.c > +++ b/nx-X11/lib/font/fc/fserve.c > @@ -2500,6 +2500,7 @@ fs_read_list_info(FontPathElementPtr fpe, > FSBlockDataPtr blockrec) > FSBlockedListInfoPtr binfo = (FSBlockedListInfoPtr) blockrec->data; > fsListFontsWithXInfoReply *rep; > char *buf; > + long bufleft;
Same here. Everything else in this patch looks OK.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ x2go-dev mailing list [email protected] http://lists.x2go.org/listinfo/x2go-dev
