X Strike Force X.Org X11 SVN commit: r3989 - in trunk/lib/libx11/debian: . patches
Author: julien
Date: 2006-11-13 17:26:50 -0500 (Mon, 13 Nov 2006)
New Revision: 3989
Added:
trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff
Modified:
trunk/lib/libx11/debian/changelog
trunk/lib/libx11/debian/patches/series
Log:
* Urgency high for security bugfix (CVE-2006-5397).
* Add patch 020_CVE-2006-5397 to fix double fopen() of compose file
(closes: #398460). Thanks to Stefan Fritsch for the report.
Modified: trunk/lib/libx11/debian/changelog
===================================================================
--- trunk/lib/libx11/debian/changelog 2006-11-13 20:20:13 UTC (rev 3988)
+++ trunk/lib/libx11/debian/changelog 2006-11-13 22:26:50 UTC (rev 3989)
@@ -1,3 +1,11 @@
+libx11 (2:1.0.3-3) unstable; urgency=high
+
+ * Urgency high for security bugfix (CVE-2006-5397).
+ * Add patch 020_CVE-2006-5397 to fix double fopen() of compose file
+ (closes: #398460). Thanks to Stefan Fritsch for the report.
+
+ -- Julien Cristau <julien.cristau@ens-lyon.org> Mon, 13 Nov 2006 23:24:39 +0100
+
libx11 (2:1.0.3-2) unstable; urgency=low
[ Denis Barbier ]
Added: trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff
===================================================================
--- trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff (rev 0)
+++ trunk/lib/libx11/debian/patches/020_CVE-2006-5397.diff 2006-11-13 22:26:50 UTC (rev 3989)
@@ -0,0 +1,22 @@
+From 686bb8b35acf6cecae80fe89b2b5853f5816ce19 Mon Sep 17 00:00:00 2001
+From: Matthias Hopf <mhopf@suse.de>
+Date: Wed, 18 Oct 2006 14:25:04 +0200
+Subject: [PATCH] Fix double open of compose file.
+
+Issue found by Kees Cook <kees@canonical.com>.
+---
+ modules/im/ximcp/imLcIm.c | 1 -
+ 1 files changed, 0 insertions(+), 1 deletions(-)
+
+Index: libx11/modules/im/ximcp/imLcIm.c
+===================================================================
+--- libx11.orig/modules/im/ximcp/imLcIm.c 2006-11-13 23:18:51.000000000 +0100
++++ libx11/modules/im/ximcp/imLcIm.c 2006-11-13 23:19:16.000000000 +0100
+@@ -617,7 +617,6 @@
+ }
+ #endif
+
+- fp = _XFopenFile (name, "r");
+ if (! (fp = _XFopenFile (name, "r"))) {
+ if (tmpcachedir)
+ Xfree (tmpcachedir);
Modified: trunk/lib/libx11/debian/patches/series
===================================================================
--- trunk/lib/libx11/debian/patches/series 2006-11-13 20:20:13 UTC (rev 3988)
+++ trunk/lib/libx11/debian/patches/series 2006-11-13 22:26:50 UTC (rev 3989)
@@ -11,3 +11,4 @@
012_ru_RU_UTF-8_XLC_LOCALE.diff
014_add_Khmer_digraphs.diff
019_new_autoconf.diff
+020_CVE-2006-5397.diff
Reply to: