Author: julien Date: 2006-11-13 17:26:50 -0500 (Mon, 13 Nov 2006) New Revision: 3989
Added: trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff Modified: trunk/lib/libx11/debian/changelog trunk/lib/libx11/debian/patches/series Log: * Urgency high for security bugfix (CVE-2006-5397). * Add patch 020_CVE-2006-5397 to fix double fopen() of compose file (closes: #398460). Thanks to Stefan Fritsch for the report. Modified: trunk/lib/libx11/debian/changelog =================================================================== --- trunk/lib/libx11/debian/changelog 2006-11-13 20:20:13 UTC (rev 3988) +++ trunk/lib/libx11/debian/changelog 2006-11-13 22:26:50 UTC (rev 3989) @@ -1,3 +1,11 @@ +libx11 (2:1.0.3-3) unstable; urgency=high + + * Urgency high for security bugfix (CVE-2006-5397). + * Add patch 020_CVE-2006-5397 to fix double fopen() of compose file + (closes: #398460). Thanks to Stefan Fritsch for the report. + + -- Julien Cristau <[EMAIL PROTECTED]> Mon, 13 Nov 2006 23:24:39 +0100 + libx11 (2:1.0.3-2) unstable; urgency=low [ Denis Barbier ] Added: trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff =================================================================== --- trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff (rev 0) +++ trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff 2006-11-13 22:26:50 UTC (rev 3989) @@ -0,0 +1,22 @@ +From 686bb8b35acf6cecae80fe89b2b5853f5816ce19 Mon Sep 17 00:00:00 2001 +From: Matthias Hopf <[EMAIL PROTECTED]> +Date: Wed, 18 Oct 2006 14:25:04 +0200 +Subject: [PATCH] Fix double open of compose file. + +Issue found by Kees Cook <[EMAIL PROTECTED]>. +--- + modules/im/ximcp/imLcIm.c | 1 - + 1 files changed, 0 insertions(+), 1 deletions(-) + +Index: libx11/modules/im/ximcp/imLcIm.c +=================================================================== +--- libx11.orig/modules/im/ximcp/imLcIm.c 2006-11-13 23:18:51.000000000 +0100 ++++ libx11/modules/im/ximcp/imLcIm.c 2006-11-13 23:19:16.000000000 +0100 +@@ -617,7 +617,6 @@ + } + #endif + +- fp = _XFopenFile (name, "r"); + if (! (fp = _XFopenFile (name, "r"))) { + if (tmpcachedir) + Xfree (tmpcachedir); Modified: trunk/lib/libx11/debian/patches/series =================================================================== --- trunk/lib/libx11/debian/patches/series 2006-11-13 20:20:13 UTC (rev 3988) +++ trunk/lib/libx11/debian/patches/series 2006-11-13 22:26:50 UTC (rev 3989) @@ -11,3 +11,4 @@ 012_ru_RU_UTF-8_XLC_LOCALE.diff 014_add_Khmer_digraphs.diff 019_new_autoconf.diff +020_CVE-2006-5397.diff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]