commit xorg-x11-libs for openSUSE:Factory
Hello community, here is the log from the commit of package xorg-x11-libs for openSUSE:Factory checked in at Mon Sep 5 18:00:54 CEST 2011. -------- --- xorg-x11-libs/xorg-x11-libs.changes 2011-08-30 15:14:10.000000000 +0200 +++ xorg-x11-libs/xorg-x11-libs.changes 2011-09-02 15:53:13.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Sep 2 13:39:04 UTC 2011 - sndirsch@suse.com + +- U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch + * LZW decompress: fix for CVE-2011-2895 (bnc #709851) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xorg-x11-libs.spec ++++++ --- /var/tmp/diff_new_pack.QyfE11/_old 2011-09-05 17:59:49.000000000 +0200 +++ /var/tmp/diff_new_pack.QyfE11/_new 2011-09-05 17:59:49.000000000 +0200 @@ -34,7 +34,7 @@ # Url: http://xorg.freedesktop.org/ Version: 7.6 -Release: 21 +Release: 23 License: GPLv2+ ; MIT License (or similar) BuildRoot: %{_tmppath}/%{name}-%{version}-build Group: System/Libraries @@ -72,6 +72,7 @@ Patch2: libXft-2.1.7-lcd-filter-2.patch Patch5: libxkbui.diff Patch10: libXxf86misc-xcb.diff +Patch11: U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch %description This package contains the remaining X.Org libraries. @@ -156,6 +157,9 @@ pushd libXxf86misc-* %patch10 -p0 popd +pushd libXfont-* +%patch11 -p1 +popd %build for dir in $(ls); do ++++++ U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch ++++++
From d11ee5886e9d9ec610051a206b135a4cdc1e09a0 Mon Sep 17 00:00:00 2001 From: Thomas Hoger
Date: Mon, 8 Aug 2011 18:03:09 +0200 Subject: [PATCH] LZW decompress: fix for CVE-2011-2895
Specially crafted LZW stream can crash an application using libXfont
that is used to open untrusted font files. With X server, this may
allow privilege escalation when exploited
Reviewed-by: Matthieu Herrb
participants (1)
-
root@hilbert.suse.de