[X2Go-Dev] [X2Go-Commits] [nx-libs] 28/52: CVE-2014-0210: unvalidated length fields in fs_read_list() from xorg/lib/libXfont commit 5fa73ac18474be3032ee7af9c6e29deab163ea39

Ulrich Sibiller uli42 at gmx.de
Mon Feb 16 21:29:56 CET 2015


On Mon, Feb 16, 2015 at 8:23 PM, Mihai Moldovan <ionic at ionic.de> wrote:

>> The code might offer a lot of possibilities for improvement. However,
>> as all this is derived from the original X11 code I would prefer
>> leaving it as is (and fix it upstream). This will make it a lot easier
>> to backport later patches and it will also make the nx transition to
>> current X11 much easier.  Maybe add FIXME: comments to not forget
>> those ideas.
>
> You're right. That's why I have only changed initialization where
> conflicts are easily merged and the 1 MB thing.
>
> Everything else was left in place. I'm just bringing it up so that
> people don't follow (bad) examples.

This brings up the question: Should we try to backport any bugfixes?
Or should we skip that completely and concentrate on rebasing nx to
current X11 (Mike is working on that).
Or should we do both in parallel?

Uli


More information about the x2go-dev mailing list