CVE security review: Add…

CVE security review: Add 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch & 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. - Add 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch. Initialize remaining bufleft variables (nx-X11/lib/font/fc/fserve.c). - Add 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. Do proper input validation to fix for CVE-2011-2895.

CVE security review: Add…
650181c2 · Mihai Moldovan · Mike Gabriel · ae898ff1 · 650181c2 · 650181c2
Commit 650181c2 authored Feb 16, 2015 by Mihai Moldovan Committed by Mike Gabriel Feb 16, 2015
4 changed files
--- a/debian/changelog
+++ b/debian/changelog
@@ -204,6 +204,10 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium
      Apply correctly on nx-libs 3.6.x.
    - Update 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch.
      Human-readable version of "1 MB".
+    - Add 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch.
+      Initialize remaining bufleft variables (nx-X11/lib/font/fc/fserve.c).
+    - Add 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch.
+      Do proper input validation to fix for CVE-2011-2895.

 -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>  Thu, 13 Nov 2014 21:59:00 +0100


--- a/debian/patches/1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch
+++ b/debian/patches/1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch
 From b04f11915e29d9563d279e1326f61b50ea414dba Mon Sep 17 00:00:00 2001
 From: Mihai Moldovan <ionic@ionic.de>
 Date: Mon, 16 Feb 2015 06:03:48 +0100
-Subject: [PATCH 07/15] nx-X11/lib/font/fc/fserve.c: initialize remaining
+Subject: [PATCH 01/02] nx-X11/lib/font/fc/fserve.c: initialize remaining
 bufleft variables.

 ---

--- a/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch
+++ b/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch
 From 6acafc9334828da22446380c81af81bde14b5d86 Mon Sep 17 00:00:00 2001
 From: Joerg Sonnenberger <joerg@britannica.bec.de>
 Date: Sun, 21 Aug 2011 18:51:53 +0200
-Subject: [PATCH 08/15] Do proper input validation to fix for CVE-2011-2895.
+Subject: [PATCH 02/02] Do proper input validation to fix for CVE-2011-2895.

 It ensures that all valid input can be decompressed, checks that the
 overflow conditions doesn't happen and generally tightens the

--- a/debian/patches/series
+++ b/debian/patches/series
@@ -112,5 +112,7 @@
 1038-glx-Length-checking-for-non-generated-single-request.patch
 1039-glx-Length-checking-for-RenderLarge-requests-v2-CVE-.patch
 1040-glx-Pass-remaining-request-length-into-varsize-v2-CV.patch
+1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch
+1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch
 0016_nx-X11_install-location.debian.patch
 0102_xserver-xext_set-securitypolicy-path.debian.patch