Next | Query returned 1 messages, browsing 1 to 10 | previous

CVS Commit History:


   2012-12-18 18:43:02 by Matthias Scheler | Files touched by this commit (3)
Log message:
Pullup ticket #3993 - requested by is
x11/modular-xorg-server: security patch

Revisions pulled up:
- x11/modular-xorg-server/Makefile                              1.73 via patch
- x11/modular-xorg-server/distinfo                              1.47
- x11/modular-xorg-server/patches/patch-os_utils.c              1.1

---
   Module Name:	pkgsrc
   Committed By:	is
   Date:		Sat Dec 15 09:26:07 UTC 2012

   Modified Files:
   	pkgsrc/x11/modular-xorg-server: Makefile distinfo
   Added Files:
   	pkgsrc/x11/modular-xorg-server/patches: patch-os_utils.c

   Log message:
   Fix CVE-2011-4028: File disclosure vulnerability.
   Use O_NOFOLLOW to open the existing lock file, so symbolic links
   aren't followed, thus avoid revealing if it points to an existing
   file.
   Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
   Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>

   Fix CVE-2011-4029: File permission change vulnerability.
   Use fchmod() to change permissions of the lock file instead of
   chmod(), thus avoid the race that can be exploited to set a symbolic
   link to any file or directory in the system.
   Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
   Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>

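The two fixes named in the log message above, shown as an added C example; it is not the pkgsrc patch or the X.Org source. The helper names `create_lock` and `read_lock_pid`, the PID text format and the file modes are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Xorg code): create a lock file holding `pid`.
 * fchmod() acts on the inode behind the descriptor; chmod(path, 0444) would
 * resolve the name again, after it may have been swapped for a symlink. */
int create_lock(const char *path, long pid)
{
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    int len = snprintf(buf, sizeof buf, "%10ld\n", pid);
    if (write(fd, buf, (size_t)len) != len || fchmod(fd, 0444) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Hypothetical helper: read the PID stored in an existing lock file.
 * With O_NOFOLLOW, open() fails when the last path component is a symlink,
 * so the link target is never opened or probed. Returns -1 on any error. */
long read_lock_pid(const char *path)
{
    char buf[32];
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    return strtol(buf, NULL, 10);
}

int main(int argc, char **argv)
{
    if (argc != 2 || create_lock(argv[1], (long)getpid()) != 0)
        return 1;
    printf("%s holds pid %ld\n", argv[1], read_lock_pid(argv[1]));
    return 0;
}
```

The errno reported for the refused symlink differs between systems (ELOOP on Linux), so callers should treat any failure of the `O_NOFOLLOW` open as "not a usable lock file".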