Bugtraq mailing list archives
Re: another Xlib buffer overflow
From: Kris Kennaway <kris () CITUSC USC EDU>
Date: Sun, 15 Oct 2000 21:23:58 -0700
On Fri, Oct 13, 2000 at 11:37:01PM +0200, Matthieu Herrb wrote:
It was fixed in XFree86 4.0. From the CHANGELOG: XFree86 3.9Nu (13 January 1999) [...] 2141. Fix some sun_path overflows in xtrans.
Wow, there's nothing like supporting the product release which everyone actually uses. XFree86 did the same thing with the other security problems a few months ago (fixed it silently in 4.0.1 and forced vendors who care to manually hunt down and extract the patches from their CVS repo and apply them by hand to their 3.3.6 package). Mail to their security contact address also went unanswered on this issue.. Kris
Current thread:
- another Xlib buffer overflow Michal Zalewski (Oct 13)
- Re: another Xlib buffer overflow Matthieu Herrb (Oct 15)
- Re: another Xlib buffer overflow Kris Kennaway (Oct 16)
- Re: another Xlib buffer overflow Chris Evans (Oct 25)
- Re: another Xlib buffer overflow Cy Schubert - ITSD Open Systems Group (Oct 16)
- Re: another Xlib buffer overflow Kris Kennaway (Oct 16)
- <Possible follow-ups>
- Re: another Xlib buffer overflow Robert van der Meulen (Oct 15)
- Re: another Xlib buffer overflow Michal Zalewski (Oct 15)
- Re: another Xlib buffer overflow Matthieu Herrb (Oct 15)