diff options
author | Mike DePaulo <mikedep333@gmail.com> | 2015-02-08 21:03:33 -0500 |
---|---|---|
committer | Mihai Moldovan <ionic@ionic.de> | 2015-02-16 05:54:00 +0100 |
commit | 31322c2bd9be76493a5a04a23ea68e063fe3b7e6 (patch) | |
tree | 95ad34e6d40c0d8687728ee4c682341d2e41c7d2 /nx-libs.spec | |
parent | c0d0e373d4c42c7813b1955fc18f5c9f63c725e0 (diff) | |
download | nx-libs-31322c2bd9be76493a5a04a23ea68e063fe3b7e6.tar.gz nx-libs-31322c2bd9be76493a5a04a23ea68e063fe3b7e6.tar.bz2 nx-libs-31322c2bd9be76493a5a04a23ea68e063fe3b7e6.zip |
CVE-2014-0210: unvalidated length in _fs_recv_conn_setup() from xorg/lib/libXfont commit 891e084b26837162b12f841060086a105edde86d
The connection setup reply from the font server can include a list
of alternate servers to contact if this font server stops working.
The reply specifies a total size of all the font server names, and
then provides a list of names. _fs_recv_conn_setup() allocated the
specified total size for copying the names to, but didn't check to
make sure it wasn't copying more data to that buffer than the size
it had allocated.
v2: use xfree() instead of free() for nx-libs 3.6.x (Mihai Moldovan)
Diffstat (limited to 'nx-libs.spec')
0 files changed, 0 insertions, 0 deletions