libXt: Changes to 'master'
Alan Coopersmith
alanc at kemper.freedesktop.org
Thu May 23 08:37:24 PDT 2013
src/ResConfig.c | 50 ++++++++++++++++++---------------
src/Selection.c | 84 +++++++++++++++++++++++++++++++-------------------------
2 files changed, 74 insertions(+), 60 deletions(-)
New commits:
commit 1f4802b745aa172d375cb79403cb1e013e6aa4c0
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Mar 9 13:33:20 2013 -0800
Remove old strtoul workaround for SunOS 4
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
commit 9264a21b688891dbdcee630ff72cf39aa75fc4e1
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Mar 9 11:44:14 2013 -0800
unvalidated length in _XtResourceConfigurationEH [CVE-2013-2002]
The RCM_DATA property is expected to be in the format:
resource_length, resource, value
If the property contains a resource_length thats results in a pointer
outside the property string, memory corruption can occur.
Reported-by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
commit eae57493feec958bcf733ad0d334715107029f8b
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Mar 9 11:29:21 2013 -0800
Unchecked return values of XGetWindowProperty [CVE-2013-2005]
Multiple functions in Selection.c assumed that XGetWindowProperty() would
always set the pointer to the property, but before libX11 1.6, it could
fail to do so in some cases, leading to libXt freeing or operating on an
uninitialized pointer value, so libXt should always initialize the pointers
and check for failure itself.
Reported-by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
More information about the xorg-commit
mailing list