Bug#308783: new s_popen() function is insecure garbage

To: Daniel Stone <daniel@fooishbar.org>
Cc: 308783@bugs.debian.org
Subject: Bug#308783: new s_popen() function is insecure garbage
From: Larry Doolittle <ldoolitt@recycle.lbl.gov>
Date: Sun, 22 May 2005 19:56:44 -0700
Message-id: <[🔎] 20050523025644.GA5398@lrd5-64>
Reply-to: Larry Doolittle <ldoolitt@recycle.lbl.gov>, 308783@bugs.debian.org
In-reply-to: <[🔎] 20050523013219.GE14978@catsby.fooishbar.org>
References: <[🔎] 20050522191555.GA5023@lrd5-64> <[🔎] 20050523013219.GE14978@catsby.fooishbar.org>

Daniel et al. -

On Mon, May 23, 2005 at 11:32:19AM +1000, Daniel Stone wrote:
> > I might play around with option 2.  There are two strategies
> > that make technical sense:
> 
> Why would you do this when there's already a version upstream that fixes
> this?  I don't like the idea of having yet another Xpm 'security fix'
> variant out there.

OK, so I was slow finding the proper upstream fix.
Now that I found it within
  http://ftp.x.org/pub/X11R6.8.2/patches/X11R6.8.1-to-X11R6.8.2.patch.gz
I gave it a quick review (it matches my strategy (a)).

So, let me rephrase the question:

Has Matej and someone from the Debian X Strike Force reviewed
and/or started to test the X11R6.8.2 patch to 
  xc/extras/Xpm/lib/RdFToI.c
  xc/extras/Xpm/lib/WrFFrI.c
and maybe
  xc/extras/Xpm/lib/XpmI.h
?

    - Larry

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#308783: new s_popen() function is insecure garbage
  - From: Larry Doolittle <ldoolitt@recycle.lbl.gov>
- Bug#308783: new s_popen() function is insecure garbage
  - From: Daniel Stone <daniel@fooishbar.org>

Prev by Date: Bug#308783: new s_popen() function is insecure garbage
Next by Date: Bug#310334: xfree86: [INTL:ru] Russian debconf templates translation
Previous by thread: Bug#308783: new s_popen() function is insecure garbage
Next by thread: Bug#22506: Give yourself the pleasure you deserve.
Index(es):
- Date
- Thread