Module Name: src Committed By: jdc Date: Sun Oct 13 07:26:23 UTC 2013
Modified Files: src/doc [netbsd-5-2]: CHANGES-5.2.2 Log Message: Ticket #1884. To generate a diff of this commit: cvs rdiff -u -r1.1.2.1 -r1.1.2.2 src/doc/CHANGES-5.2.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/doc/CHANGES-5.2.2 diff -u src/doc/CHANGES-5.2.2:1.1.2.1 src/doc/CHANGES-5.2.2:1.1.2.2 --- src/doc/CHANGES-5.2.2:1.1.2.1 Sun Oct 13 07:22:18 2013 +++ src/doc/CHANGES-5.2.2 Sun Oct 13 07:26:23 2013 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-5.2.2,v 1.1.2.1 2013/10/13 07:22:18 jdc Exp $ +# $NetBSD: CHANGES-5.2.2,v 1.1.2.2 2013/10/13 07:26:23 jdc Exp $ A complete list of changes from the NetBSD 5.2 release to the NetBSD 5.2.1 release: @@ -10,3 +10,14 @@ sys/sys/param.h patched by hand Welcome to 5.2.1_PATCH. [jdc] +xsrc/external/mit/xorg-server/dist/dix/dixfonts.c 1.2 via patch +xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c 1.4 via patch + + Fix CVE-2013-4396 using a patch from Alan Coopersmith: + Save a pointer to the passed in closure structure before copying it + and overwriting the *c pointer to point to our copy instead of the + original. If we hit an error, once we free(c), reset c to point to + the original structure before jumping to the cleanup code that + references *c. + [spz, ticket #966] +