Navigation:
Browse pkgsrc
(this page)| 2008-05-11 11:25:19 by Geert Hendrickx | Files touched by this commit (9) |
Log message:
Pullup ticket 2368 - requested by tonnerre
security fix for rdesktop
- pkgsrc/net/rdesktop/Makefile 1.34
- pkgsrc/net/rdesktop/distinfo 1.18
- pkgsrc/net/rdesktop/patches/patch-ac 1.5
- pkgsrc/net/rdesktop/patches/patch-ad 1.1
- pkgsrc/net/rdesktop/patches/patch-ae 1.1
- pkgsrc/net/rdesktop/patches/patch-af 1.1
- pkgsrc/net/rdesktop/patches/patch-ag 1.1
- pkgsrc/net/rdesktop/patches/patch-ah 1.1
- pkgsrc/net/rdesktop/patches/patch-ai 1.1
Module Name: pkgsrc
Committed By: tonnerre
Date: Sat May 10 15:28:04 UTC 2008
Modified Files:
pkgsrc/net/rdesktop: Makefile distinfo
Added Files:
pkgsrc/net/rdesktop/patches: patch-ac patch-ad patch-ae patch-af
patch-ag patch-ah patch-ai
Log message:
Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.
1) An integer underflow error in iso.c when processing RDP requests can
be exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect
requests can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited
to cause a heap-based buffer overflow.
|
New packages: