Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security concerns (Was Re: XQuartz quextion)

Now if only someone could make the case that Leopard's Xquartz poses a security problem...
The fix would appear on softwareupdate within two days. Indeed, couldn't those regular 

Well... see my posting about 1.3a1 and its fixes:

CVE-2007-1003: XC-MISC Extension ProcXCMiscGetXIDList() Memory Corruption
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1003

Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.

so... yeah... there you go...

Get 1.3a1 which fixes this here: http://people.freedesktop.org/~jeremyhu/x11-apple/releases/1.3a1/

I haven't updated the wiki because I don't want it to appear as though Ben and I are forking off eachother by having different distribution sites. We're working on a way to have a single location for releases. In the mean time, just grab the files from my space there.

--Jeremy
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/x11-users/email@hidden

This email sent to email@hidden
References: 
 >XQuartz quextion (From: dp <email@hidden>)
 >Re: XQuartz quextion (From: William Davis <email@hidden>)
 >Re: XQuartz quextion (From: Martin Costabel <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.