Author: branden Date: 2004-01-27 13:06:02 -0500 (Tue, 27 Jan 2004) New Revision: 980
Modified: branches/4.1.0/woody/debian/changelog Log: Further clarify relation of vulnerabilities to CVE candidate IDs. Modified: branches/4.1.0/woody/debian/changelog =================================================================== --- branches/4.1.0/woody/debian/changelog 2004-01-27 17:50:23 UTC (rev 979) +++ branches/4.1.0/woody/debian/changelog 2004-01-27 18:06:02 UTC (rev 980) @@ -8,7 +8,8 @@ + CAN-2004-0093, CAN-2003-0094: Denial-of-service attacks against the X server by clients using the GLX extension and Direct Rendering Infrastructure are possible due to unchecked client data (out-of-bounds - array indexes and integer signedness errors). + array indexes [CAN-2004-0093] and integer signedness errors + [CAN-2004-0094]). * Patch xdm to call pam_strerror(), log the returned error, and exit the StartClient() function with a zero exit status (failure) if pam_setcred()