
X Strike Force X.Org X11 SVN commit: r3989 - in trunk/lib/libx11/debian: . patches



Author: julien
Date: 2006-11-13 17:26:50 -0500 (Mon, 13 Nov 2006)
New Revision: 3989

Added:
   trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff
Modified:
   trunk/lib/libx11/debian/changelog
   trunk/lib/libx11/debian/patches/series
Log:
* Urgency high for security bugfix (CVE-2006-5397).
* Add patch 020_CVE-2006-5397 to fix double fopen() of compose file
(closes: #398460).  Thanks to Stefan Fritsch for the report.

Modified: trunk/lib/libx11/debian/changelog
===================================================================
--- trunk/lib/libx11/debian/changelog	2006-11-13 20:20:13 UTC (rev 3988)
+++ trunk/lib/libx11/debian/changelog	2006-11-13 22:26:50 UTC (rev 3989)
@@ -1,3 +1,11 @@
+libx11 (2:1.0.3-3) unstable; urgency=high
+
+  * Urgency high for security bugfix (CVE-2006-5397).
+  * Add patch 020_CVE-2006-5397 to fix double fopen() of compose file
+  (closes: #398460).  Thanks to Stefan Fritsch for the report.
+
+ -- Julien Cristau <julien.cristau@ens-lyon.org>  Mon, 13 Nov 2006 23:24:39 +0100
+
 libx11 (2:1.0.3-2) unstable; urgency=low
 
   [ Denis Barbier ]
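
Review bot: The new 2:1.0.3-3 entry names the mechanism ("double fopen() of compose file") but not the consequence that justifies urgency=high. From the patched code, the first `_XFopenFile (name, "r")` result is overwritten by the second call and so is never closed; one clause saying that the handle was leaked would let readers of the changelog judge the upload without opening the patch. Style: the continuation line "(closes: #398460)." is indented to the same column as the "*" bullet; indenting it to line up with the bullet text keeps it visually part of the same item.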

Added: trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff
===================================================================
--- trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff	                        (rev 0)
+++ trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff	2006-11-13 22:26:50 UTC (rev 3989)
@@ -0,0 +1,22 @@
+From 686bb8b35acf6cecae80fe89b2b5853f5816ce19 Mon Sep 17 00:00:00 2001
+From: Matthias Hopf <mhopf@suse.de>
+Date: Wed, 18 Oct 2006 14:25:04 +0200
+Subject: [PATCH] Fix double open of compose file.
+
+Issue found by Kees Cook <kees@canonical.com>.
+---
+ modules/im/ximcp/imLcIm.c |    1 -
+ 1 files changed, 0 insertions(+), 1 deletions(-)
+
+Index: libx11/modules/im/ximcp/imLcIm.c
+===================================================================
+--- libx11.orig/modules/im/ximcp/imLcIm.c	2006-11-13 23:18:51.000000000 +0100
++++ libx11/modules/im/ximcp/imLcIm.c	2006-11-13 23:19:16.000000000 +0100
+@@ -617,7 +617,6 @@
+     }
+ #endif
+ 
+-    fp = _XFopenFile (name, "r");
+     if (! (fp = _XFopenFile (name, "r"))) {
+ 	if (tmpcachedir)
+ 	    Xfree  (tmpcachedir);
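
Review bot: The patch header (Subject plus the "Issue found by" line) carries no reference to CVE-2006-5397 or Debian bug #398460 and does not say what the removed line did wrong, so the file is only traceable through its filename and the changelog. Suggest adding a short description under the Subject stating that the unchecked `fp = _XFopenFile (name, "r");` was immediately followed by a second open in the `if` condition, which overwrote `fp` and left the first stream unclosed, along with the CVE and bug numbers. The code change itself looks right: the remaining call is the one whose result is checked, and the visible failure path still frees tmpcachedir.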

Modified: trunk/lib/libx11/debian/patches/series
===================================================================
--- trunk/lib/libx11/debian/patches/series	2006-11-13 20:20:13 UTC (rev 3988)
+++ trunk/lib/libx11/debian/patches/series	2006-11-13 22:26:50 UTC (rev 3989)
@@ -11,3 +11,4 @@
 012_ru_RU_UTF-8_XLC_LOCALE.diff
 014_add_Khmer_digraphs.diff
 019_new_autoconf.diff
+020_CVE-2006-5397.diff


