diff options
Diffstat (limited to 'debian/patches/1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-.full.patch')
| -rw-r--r-- | debian/patches/1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-.full.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/debian/patches/1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-.full.patch b/debian/patches/1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-.full.patch new file mode 100644 index 000000000..162bb218b --- /dev/null +++ b/debian/patches/1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-.full.patch @@ -0,0 +1,29 @@ +From af55da1e9c1a6a352b24823a8f7062c288ffbbc0 Mon Sep 17 00:00:00 2001 +From: Mike DePaulo <mikedep333@gmail.com> +Date: Sun, 8 Feb 2015 19:15:20 -0500 +Subject: [PATCH 01/40] LZW decompress: fix for CVE-2011-2895 From + xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0 + + Specially crafted LZW stream can crash an application using libXfont + that is used to open untrusted font files. With X server, this may + allow privilege escalation when exploited +--- + nx-X11/lib/font/fontfile/decompress.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/nx-X11/lib/font/fontfile/decompress.c b/nx-X11/lib/font/fontfile/decompress.c +index a4c5468..553b315 100644 +--- a/nx-X11/lib/font/fontfile/decompress.c ++++ b/nx-X11/lib/font/fontfile/decompress.c +@@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f) + */ + while ( code >= 256 ) + { ++ if (stackp - de_stack >= STACK_SIZE - 1) ++ return BUFFILEEOF; + *stackp++ = file->tab_suffix[code]; + code = file->tab_prefix[code]; + } +-- +2.1.4 + |