On Sun, Feb 15, 2015 at 3:01 PM, Michael DePaulo <mikedep333@gmail.com> wrote:
On Sun, Feb 15, 2015 at 2:11 PM, Mihai Moldovan <ionic@ionic.de> wrote:
On 14.02.2015 05:47 PM, git-admin@x2go.org wrote:
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch 3.6.x in repository nx-libs.
commit af55da1e9c1a6a352b24823a8f7062c288ffbbc0
Author: Mike DePaulo <mikedep333@gmail.com>
Date: Sun Feb 8 19:15:20 2015 -0500

LZW decompress: fix for CVE-2011-2895

From xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0

Specially crafted LZW stream can crash an application using libXfont that is used to open untrusted font files. With X server, this may allow privilege escalation when exploited
nx-X11/lib/font/fontfile/decompress.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/nx-X11/lib/font/fontfile/decompress.c b/nx-X11/lib/font/fontfile/decompress.c index a4c5468..553b315 100644 --- a/nx-X11/lib/font/fontfile/decompress.c +++ b/nx-X11/lib/font/fontfile/decompress.c @@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f) */ while ( code >= 256 ) {
if (stackp - de_stack >= STACK_SIZE - 1)
Personally, I would have written that as
if ((stackp - de_stack) >= (STACK_SIZE - 1))
return BUFFILEEOF;
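Review bot: the new check inside the "while ( code >= 256 )" loop returns BUFFILEEOF when the decode stack is full, so a stream that trips the guard is reported to the caller exactly like a normal end of file, and nothing next to the check says why the limit is "STACK_SIZE - 1" rather than STACK_SIZE. Please add a short comment above the "if" stating that it rejects a crafted LZW code chain before stackp can run past de_stack (CVE-2011-2895) and what the "- 1" reserves, and consider whether callers need a way to tell this rejection apart from a clean EOF.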
But that's my personal style and I like to over-parenthesize.

Both the upstream commit and the RHEL5 patch have it written this way, but I agree that your style is better.
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec6100...
ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/libXfont-1.2.2-1.0.6.el5_11.src.rpm (cve-2011-2895.patch)
On a related note, upstream has this follow-up commit:
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=bd48ad11fd11412c62c...
It was not backported to RHEL5 though.