Module Name: src
Committed By: msaitoh
Date: Wed May 14 05:27:47 UTC 2014
Modified Files:
src/doc [netbsd-5-2]: CHANGES-5.2.3
Log Message:
Ticket 1905.
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.4 -r1.1.2.5 src/doc/CHANGES-5.2.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-5.2.3
diff -u src/doc/CHANGES-5.2.3:1.1.2.4 src/doc/CHANGES-5.2.3:1.1.2.5
--- src/doc/CHANGES-5.2.3:1.1.2.4 Wed May 14 05:16:02 2014
+++ src/doc/CHANGES-5.2.3 Wed May 14 05:27:47 2014
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.2.3,v 1.1.2.4 2014/05/14 05:16:02 msaitoh Exp $
+# $NetBSD: CHANGES-5.2.3,v 1.1.2.5 2014/05/14 05:27:47 msaitoh Exp $
A complete list of changes from the NetBSD 5.2.2 release to the NetBSD 5.2.3
release:
@@ -58,3 +58,19 @@ src/sys/compat/linux/common/linux_exec_e
chs@/enami@
[maxv, ticket #1902]
+
+xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c 1.2
+xsrc/external/mit/libXfont/dist/src/fc/fserve.c 1.2
+xsrc/external/mit/libXfont/dist/src/fontfile/dirfile.c 1.2
+xsrc/xfree/xc/lib/font/fc/fsconvert.c 1.5
+xsrc/xfree/xc/lib/font/fc/fserve.c 1.5
+xsrc/xfree/xc/lib/font/fontfile/dirfile.c 1.5
+
+ Fix multiple vulnerabilities in libXfont:
+ - CVE-2014-0209: integer overflow of allocations in font metadata
+ file parsing
+ - CVE-2014-0210: unvalidated length fields when parsing xfs protocol
+ replies
+ - CVE-2014-0211: integer overflows calculating memory needs for xfs
+ replies
+ [spz, ticket #1905]
