CVS commit: [pkgsrc-2008Q1] pkgsrc/net/rdesktop

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2008Q1] pkgsrc/net/rdesktop
From: Geert Hendrickx <ghen%netbsd.org@localhost>
Date: Sun, 11 May 2008 09:25:19 +0000 (UTC)

Module Name:    pkgsrc
Committed By:   ghen
Date:           Sun May 11 09:25:19 UTC 2008

Modified Files:
        pkgsrc/net/rdesktop [pkgsrc-2008Q1]: Makefile distinfo
Added Files:
        pkgsrc/net/rdesktop/patches [pkgsrc-2008Q1]: patch-ac patch-ad patch-ae
            patch-af patch-ag patch-ah patch-ai

Log Message:
Pullup ticket 2368 - requested by tonnerre
security fix for rdesktop

- pkgsrc/net/rdesktop/Makefile                          1.34
- pkgsrc/net/rdesktop/distinfo                          1.18
- pkgsrc/net/rdesktop/patches/patch-ac                  1.5
- pkgsrc/net/rdesktop/patches/patch-ad                  1.1
- pkgsrc/net/rdesktop/patches/patch-ae                  1.1
- pkgsrc/net/rdesktop/patches/patch-af                  1.1
- pkgsrc/net/rdesktop/patches/patch-ag                  1.1
- pkgsrc/net/rdesktop/patches/patch-ah                  1.1
- pkgsrc/net/rdesktop/patches/patch-ai                  1.1

   Module Name:         pkgsrc
   Committed By:        tonnerre
   Date:                Sat May 10 15:28:04 UTC 2008

   Modified Files:
           pkgsrc/net/rdesktop: Makefile distinfo
   Added Files:
           pkgsrc/net/rdesktop/patches: patch-ac patch-ad patch-ae patch-af
               patch-ag patch-ah patch-ai

   Log Message:
   Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.

   1) An integer underflow error in iso.c when processing RDP requests can
      be exploited to cause a heap-based buffer overflow.
   2) An input validation error in rdp.c when processing RDP redirect
      requests can be exploited to cause a BSS-based buffer overflow.
   3) A signedness error within "xrealloc()" in rdesktop.c can be exploited
      to cause a heap-based buffer overflow.


To generate a diff of this commit:
cvs rdiff -r1.33 -r1.33.2.1 pkgsrc/net/rdesktop/Makefile
cvs rdiff -r1.17 -r1.17.8.1 pkgsrc/net/rdesktop/distinfo
cvs rdiff -r0 -r1.4.24.1 pkgsrc/net/rdesktop/patches/patch-ac
cvs rdiff -r0 -r1.1.2.2 pkgsrc/net/rdesktop/patches/patch-ad \
    pkgsrc/net/rdesktop/patches/patch-ae pkgsrc/net/rdesktop/patches/patch-af \
    pkgsrc/net/rdesktop/patches/patch-ag pkgsrc/net/rdesktop/patches/patch-ah \
    pkgsrc/net/rdesktop/patches/patch-ai

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/misc/openoffice2
Next by Date: CVS commit: [pkgsrc-2008Q1] pkgsrc/net/bind8
Previous by Thread: CVS commit: pkgsrc/misc/openoffice2
Next by Thread: CVS commit: [pkgsrc-2008Q1] pkgsrc/net/bind8
Indexes:

Home | Main Index | Thread Index | Old Index