On 14.02.2015 05:47 PM, git-admin@x2go.org wrote:
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch 3.6.x in repository nx-libs.
commit b65259bf3bcca15b5069cb7a6c06f95a40f79813 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun Feb 8 22:38:32 2015 -0500
CVE-2014-0210: unvalidated length fields in fs_read_list_info() from xorg/lib/libXfont commit d338f81df1e188eb16e1d6aeea7f4800f89c1218 fs_read_list_info() parses a reply from the font server. The reply contains a number of additional data items with embedded length or count fields, none of which are validated. This can cause out of bound reads when looping over these items in the reply.
nx-X11/lib/font/fc/fserve.c | 56 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-)
diff --git a/nx-X11/lib/font/fc/fserve.c b/nx-X11/lib/font/fc/fserve.c index 60d9017..6ba3ad4 100644 --- a/nx-X11/lib/font/fc/fserve.c +++ b/nx-X11/lib/font/fc/fserve.c @@ -2500,6 +2500,7 @@ fs_read_list_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) FSBlockedListInfoPtr binfo = (FSBlockedListInfoPtr) blockrec->data; fsListFontsWithXInfoReply *rep; char *buf;
- long bufleft;
Same here. Everything else in this patch looks OK.