1 files changed, 4 insertions, 3 deletions

diff --git a/debian/patches/1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch b/debian/patches/1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch
index 619794f7e..1d880399f 100644
--- a/debian/patches/1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch
+++ b/debian/patches/1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch
@@ -1,4 +1,4 @@
-From d4c76981f7fddb364166464c571ed8d3de3086cd Mon Sep 17 00:00:00 2001
+From b6b5b14e4190048fadbfbcf063d873d318127e81 Mon Sep 17 00:00:00 2001
 From: Alan Coopersmith <alan.coopersmith@oracle.com>
 Date: Mon, 6 Jan 2014 23:30:14 -0800
 Subject: [PATCH 20/40] dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]
@@ -14,6 +14,7 @@ This patch caps the list at 1mb, because multi-megabyte hostname
 lists for X access control are insane.
 
 v2: backport to nx-libs 3.6.x (Mike DePaulo)
+v3: human-readable version of "1 MB" (Mihai Moldovan)
 Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
 Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
@@ -25,7 +26,7 @@ Conflicts:
  1 file changed, 6 insertions(+)
 
 diff --git a/nx-X11/programs/Xserver/os/access.c b/nx-X11/programs/Xserver/os/access.c
-index b6a70a7..0e9d138 100644
+index b6a70a7..532a2f8 100644
 --- a/nx-X11/programs/Xserver/os/access.c
 +++ b/nx-X11/programs/Xserver/os/access.c
 @@ -1719,6 +1719,10 @@ GetHosts (
@@ -34,7 +35,7 @@ index b6a70a7..0e9d138 100644
  	n += (((host->len + 3) >> 2) << 2) + sizeof(xHostEntry);
 +        /* Could check for INT_MAX, but in reality having more than 1mb of
 +           hostnames in the access list is ridiculous */
-+        if (n >= 1048576)
++        if (n >= 1024*1024)
 +            break;
      }
      if (n)