CVS commit: pkgsrc/net/rdesktop

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/rdesktop
From: Tonnerre Lombard <tonnerre%netbsd.org@localhost>
Date: Sat, 10 May 2008 15:28:04 +0000 (UTC)

Module Name:    pkgsrc
Committed By:   tonnerre
Date:           Sat May 10 15:28:04 UTC 2008

Modified Files:
        pkgsrc/net/rdesktop: Makefile distinfo
Added Files:
        pkgsrc/net/rdesktop/patches: patch-ac patch-ad patch-ae patch-af
            patch-ag patch-ah patch-ai

Log Message:
Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.

1) An integer underflow error in iso.c when processing RDP requests can
   be exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect
   requests can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited
   to cause a heap-based buffer overflow.


To generate a diff of this commit:
cvs rdiff -r1.33 -r1.34 pkgsrc/net/rdesktop/Makefile
cvs rdiff -r1.17 -r1.18 pkgsrc/net/rdesktop/distinfo
cvs rdiff -r0 -r1.5 pkgsrc/net/rdesktop/patches/patch-ac
cvs rdiff -r0 -r1.1 pkgsrc/net/rdesktop/patches/patch-ad \
    pkgsrc/net/rdesktop/patches/patch-ae pkgsrc/net/rdesktop/patches/patch-af \
    pkgsrc/net/rdesktop/patches/patch-ag pkgsrc/net/rdesktop/patches/patch-ah \
    pkgsrc/net/rdesktop/patches/patch-ai

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index