Skip to content

N
nx-libs
Commit 650181c2 authored by Mihai Moldovan's avatar Mihai Moldovan Committed by Mike Gabriel
Browse files
Options

CVE security review: Add…

CVE security review: Add 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch & 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. - Add 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch. Initialize remaining bufleft variables (nx-X11/lib/font/fc/fserve.c). - Add 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. Do proper input validation to fix for CVE-2011-2895.
parent ae898ff1
Show whitespace changes
Inline Side-by-side
Showing with 8 additions and 2 deletions
debian/changelog
View file @ 650181c2
...@@ -204,6 +204,10 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium ...@@ -204,6 +204,10 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium
Apply correctly on nx-libs 3.6.x. Apply correctly on nx-libs 3.6.x.
- Update 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch. - Update 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch.
Human-readable version of "1 MB". Human-readable version of "1 MB".
- Add 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch.
Initialize remaining bufleft variables (nx-X11/lib/font/fc/fserve.c).
- Add 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch.
Do proper input validation to fix for CVE-2011-2895.
-- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Thu, 13 Nov 2014 21:59:00 +0100 -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Thu, 13 Nov 2014 21:59:00 +0100
......
debian/patches/1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch
View file @ 650181c2
From b04f11915e29d9563d279e1326f61b50ea414dba Mon Sep 17 00:00:00 2001 From b04f11915e29d9563d279e1326f61b50ea414dba Mon Sep 17 00:00:00 2001
From: Mihai Moldovan <ionic@ionic.de> From: Mihai Moldovan <ionic@ionic.de>
Date: Mon, 16 Feb 2015 06:03:48 +0100 Date: Mon, 16 Feb 2015 06:03:48 +0100
Subject: [PATCH 07/15] nx-X11/lib/font/fc/fserve.c: initialize remaining Subject: [PATCH 01/02] nx-X11/lib/font/fc/fserve.c: initialize remaining
bufleft variables. bufleft variables.
--- ---
......
debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch
View file @ 650181c2
From 6acafc9334828da22446380c81af81bde14b5d86 Mon Sep 17 00:00:00 2001 From 6acafc9334828da22446380c81af81bde14b5d86 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@britannica.bec.de> From: Joerg Sonnenberger <joerg@britannica.bec.de>
Date: Sun, 21 Aug 2011 18:51:53 +0200 Date: Sun, 21 Aug 2011 18:51:53 +0200
Subject: [PATCH 08/15] Do proper input validation to fix for CVE-2011-2895. Subject: [PATCH 02/02] Do proper input validation to fix for CVE-2011-2895.
It ensures that all valid input can be decompressed, checks that the It ensures that all valid input can be decompressed, checks that the
overflow conditions doesn't happen and generally tightens the overflow conditions doesn't happen and generally tightens the
......
debian/patches/series
View file @ 650181c2
...@@ -112,5 +112,7 @@ ...@@ -112,5 +112,7 @@
1038-glx-Length-checking-for-non-generated-single-request.patch 1038-glx-Length-checking-for-non-generated-single-request.patch
1039-glx-Length-checking-for-RenderLarge-requests-v2-CVE-.patch 1039-glx-Length-checking-for-RenderLarge-requests-v2-CVE-.patch
1040-glx-Pass-remaining-request-length-into-varsize-v2-CV.patch 1040-glx-Pass-remaining-request-length-into-varsize-v2-CV.patch
1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch
1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch
0016_nx-X11_install-location.debian.patch 0016_nx-X11_install-location.debian.patch
0102_xserver-xext_set-securitypolicy-path.debian.patch 0102_xserver-xext_set-securitypolicy-path.debian.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment