Re: Security concerns (Was Re: XQuartz quextion)

• Subject: Re: Security concerns (Was Re: XQuartz quextion)
• From: Martin Costabel <email@hidden>
• Date: Sun, 25 Nov 2007 11:30:02 +0100
• Delivered-to: email@hidden
• Delivered-to: email@hidden
• User-agent: Thunderbird 2.0.0.9 (Macintosh/20071031)

Jeremy Huddleston wrote:
[]

Well... see my posting about 1.3a1 and its fixes:

CVE-2007-1003: XC-MISC Extension ProcXCMiscGetXIDList() Memory Corruption
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1003

Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.

Wonderful!

Mr. Apple, are you listening?

--
Martin

_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list      (email@hidden)
This email sent to email@hidden


Follow-Ups:

Re: Security concerns (Was Re: XQuartz quextion)
From: "Jordan K. Hubbard" <email@hidden>


References:
 
 
>XQuartz quextion (From: dp <email@hidden>)
 
>Re: XQuartz quextion (From: William Davis <email@hidden>)
 
>Re: XQuartz quextion (From: Martin Costabel <email@hidden>)
 
>Security concerns (Was Re: XQuartz quextion) (From: Jeremy Huddleston <email@hidden>)




Prev by Date:
Security concerns (Was Re: XQuartz quextion)

Next by Date:
Re: Security concerns (Was Re: XQuartz quextion)

Previous by thread:
Security concerns (Was Re: XQuartz quextion)

Next by thread:
Re: Security concerns (Was Re: XQuartz quextion)

Index(es):

Date
Thread













  

   
Home
   
Archives
   
Terms/Conditions
   
Contact
   
RSS
   
Lists
   
About
 






Visit the Apple Store online or at retail locations.

1-800-MY-APPLE
Contact Apple | Terms of Use | Privacy Policy
Copyright © 2011 Apple Inc. All rights reserved.