> I have no time auditing this bug one thing came to my mind
> when I had a look in main.c:
> 1655 if ((display_name = getenv ("DISPLAY")) == NULL)
> 1656 display_name = ":0";
>
> Please fix that code to print an error, see:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692 and
> http://article.gmane.org/gmane.comp.security.oss.general/122Just review the CVE-2008-1692 and send the initial patch to the upstrem. Now, the adjusted patch by the upstream developer is commited in the upstream source. It will be in the next upstream release. In the meantime, I will review another vulnerabilities. Regards, Neutron Soutmun
signature.asc
Description: นี่คือ ส่วนข้ อความท ี่มีลา ยเซ็นด ิจิทัล กำกับ
