Subject: CVS commit: pkgsrc/net/rdesktop
From: Tonnerre Lombard
Date: 2008-05-10 17:28:04
Message id: 20080510152804.508A6175D0@cvs.netbsd.org

Log Message:
Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.

1) An integer underflow error in iso.c when processing RDP requests can
   be exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect
   requests can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited
   to cause a heap-based buffer overflow.

Files:
RevisionActionfile
1.34modifypkgsrc/net/rdesktop/Makefile
1.18modifypkgsrc/net/rdesktop/distinfo
1.5addpkgsrc/net/rdesktop/patches/patch-ac
1.1addpkgsrc/net/rdesktop/patches/patch-ad
1.1addpkgsrc/net/rdesktop/patches/patch-ae
1.1addpkgsrc/net/rdesktop/patches/patch-af
1.1addpkgsrc/net/rdesktop/patches/patch-ag
1.1addpkgsrc/net/rdesktop/patches/patch-ah
1.1addpkgsrc/net/rdesktop/patches/patch-ai