X Strike Force XFree86 SVN commit: rev 980 - branches/4.1.0/woody/debian
Author: branden
Date: 2004-01-27 13:06:02 -0500 (Tue, 27 Jan 2004)
New Revision: 980
Modified:
branches/4.1.0/woody/debian/changelog
Log:
Further clarify relation of vulnerabilities to CVE candidate IDs.
Modified: branches/4.1.0/woody/debian/changelog
===================================================================
--- branches/4.1.0/woody/debian/changelog 2004-01-27 17:50:23 UTC (rev 979)
+++ branches/4.1.0/woody/debian/changelog 2004-01-27 18:06:02 UTC (rev 980)
@@ -8,7 +8,8 @@
+ CAN-2004-0093, CAN-2003-0094: Denial-of-service attacks against the X
server by clients using the GLX extension and Direct Rendering
Infrastructure are possible due to unchecked client data (out-of-bounds
- array indexes and integer signedness errors).
+ array indexes [CAN-2004-0093] and integer signedness errors
+ [CAN-2004-0094]).
* Patch xdm to call pam_strerror(), log the returned error, and exit the
StartClient() function with a zero exit status (failure) if pam_setcred()
Reply to: