---
- branch: MAIN
  date: Sat May 10 15:28:04 UTC 2008
  files:
  - new: '1.34'
    old: '1.33'
    path: pkgsrc/net/rdesktop/Makefile
    pathrev: pkgsrc/net/rdesktop/Makefile@1.34
    type: modified
  - new: '1.18'
    old: '1.17'
    path: pkgsrc/net/rdesktop/distinfo
    pathrev: pkgsrc/net/rdesktop/distinfo@1.18
    type: modified
  - new: '1.5'
    old: '0'
    path: pkgsrc/net/rdesktop/patches/patch-ac
    pathrev: pkgsrc/net/rdesktop/patches/patch-ac@1.5
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/net/rdesktop/patches/patch-ad
    pathrev: pkgsrc/net/rdesktop/patches/patch-ad@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/net/rdesktop/patches/patch-ae
    pathrev: pkgsrc/net/rdesktop/patches/patch-ae@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/net/rdesktop/patches/patch-af
    pathrev: pkgsrc/net/rdesktop/patches/patch-af@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/net/rdesktop/patches/patch-ag
    pathrev: pkgsrc/net/rdesktop/patches/patch-ag@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/net/rdesktop/patches/patch-ah
    pathrev: pkgsrc/net/rdesktop/patches/patch-ah@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/net/rdesktop/patches/patch-ai
    pathrev: pkgsrc/net/rdesktop/patches/patch-ai@1.1
    type: added
  id: 20080510T152804Z.e05ea18b151968e2f3821df92d9cd34d436985f6
  log: |
    Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.

    1) An integer underflow error in iso.c when processing RDP requests can
       be exploited to cause a heap-based buffer overflow.
    2) An input validation error in rdp.c when processing RDP redirect
       requests can be exploited to cause a BSS-based buffer overflow.
    3) A signedness error within "xrealloc()" in rdesktop.c can be exploited
       to cause a heap-based buffer overflow.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/rdesktop'
  unixtime: '1210433284'
  user: tonnerre