Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 8C19D63B293
	for ; Sat, 10 May 2008 15:28:06 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 0)
	id D76C663B184; Sat, 10 May 2008 15:28:05 +0000 (UTC)
Received: from cvs.netbsd.org (unknown [IPv6:2001:4f8:4:7:2e0:81ff:fe30:95bd])
	by mail.netbsd.org (Postfix) with ESMTP id C3FF263B101
	for ; Sat, 10 May 2008 15:28:04 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
	id 508A6175D0; Sat, 10 May 2008 15:28:04 +0000 (UTC)
From: Tonnerre Lombard
Subject: CVS commit: pkgsrc/net/rdesktop
To: pkgsrc-changes@NetBSD.org
Reply-To: tonnerre@netbsd.org
Message-Id: <20080510152804.508A6175D0@cvs.netbsd.org>
Date: Sat, 10 May 2008 15:28:04 +0000 (UTC)
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes
Precedence: list

Module Name:	pkgsrc
Committed By:	tonnerre
Date:		Sat May 10 15:28:04 UTC 2008

Modified Files:
	pkgsrc/net/rdesktop: Makefile distinfo
Added Files:
	pkgsrc/net/rdesktop/patches: patch-ac patch-ad patch-ae patch-af
	    patch-ag patch-ah patch-ai

Log Message:
Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.

1) An integer underflow error in iso.c when processing RDP requests can be
   exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect requests
   can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited to
   cause a heap-based buffer overflow.

To generate a diff of this commit:
cvs rdiff -r1.33 -r1.34 pkgsrc/net/rdesktop/Makefile
cvs rdiff -r1.17 -r1.18 pkgsrc/net/rdesktop/distinfo
cvs rdiff -r0 -r1.5 pkgsrc/net/rdesktop/patches/patch-ac
cvs rdiff -r0 -r1.1 pkgsrc/net/rdesktop/patches/patch-ad \
    pkgsrc/net/rdesktop/patches/patch-ae pkgsrc/net/rdesktop/patches/patch-af \
    pkgsrc/net/rdesktop/patches/patch-ag pkgsrc/net/rdesktop/patches/patch-ah \
    pkgsrc/net/rdesktop/patches/patch-ai

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
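
The bug class named in item 1 of the log message, as an added example that is not part of this commit and is not rdesktop's code: it assumes the underflow comes from subtracting the 4-byte TPKT header (RFC 1006 framing) from a peer-supplied length field, and shows the unchecked computation beside a validated one. All function names and sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPKT_HDR_LEN 4u /* version, reserved, 16-bit big-endian length (RFC 1006) */

/* Unchecked: a peer-supplied length below 4 wraps the unsigned subtraction,
 * so the caller is told to expect an enormous payload. */
static size_t payload_len_unchecked(const uint8_t *hdr)
{
    uint16_t length = (uint16_t)((hdr[2] << 8) | hdr[3]);
    return (size_t)length - TPKT_HDR_LEN;
}

/* Checked: returns 0 and stores the payload size, or -1 for a header that is
 * short, has the wrong version, would underflow, or exceeds the buffer (cap). */
static int payload_len_checked(const uint8_t *hdr, size_t avail, size_t cap,
                               size_t *out)
{
    uint16_t length;

    if (avail < TPKT_HDR_LEN || hdr[0] != 3)
        return -1;
    length = (uint16_t)((hdr[2] << 8) | hdr[3]);
    if (length < TPKT_HDR_LEN)
        return -1; /* subtraction would underflow */
    if ((size_t)length - TPKT_HDR_LEN > cap)
        return -1; /* payload would not fit the receive buffer */
    *out = (size_t)length - TPKT_HDR_LEN;
    return 0;
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    const uint8_t good[4] = {3, 0, 0, 11}; /* length 11: 7 payload bytes */
    const uint8_t bad[4] = {3, 0, 0, 2};   /* length 2: below the header size */
    size_t n = 0;
    int rc;

    printf("unchecked(bad) = %zu\n", payload_len_unchecked(bad));
    rc = payload_len_checked(good, sizeof good, 1024, &n);
    printf("checked(good)  = %d, payload = %zu\n", rc, n);
    rc = payload_len_checked(bad, sizeof bad, 1024, &n);
    printf("checked(bad)   = %d\n", rc);
    return 0;
}
```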