Re: Security concerns (Was Re: XQuartz quextion)

• Subject: Re: Security concerns (Was Re: XQuartz quextion)
• From: Martin Costabel <email@hidden>
• Date: Sun, 25 Nov 2007 11:30:02 +0100
• Delivered-to: email@hidden
• Delivered-to: email@hidden
• User-agent: Thunderbird 2.0.0.9 (Macintosh/20071031)

Jeremy Huddleston wrote:
[]

Well... see my posting about 1.3a1 and its fixes:

CVE-2007-1003: XC-MISC Extension ProcXCMiscGetXIDList() Memory Corruption
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1003

Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.

Wonderful!

Mr. Apple, are you listening?

--
Martin

_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/x11-users/email@hidden

• Follow-Ups:
  • Re: Security concerns (Was Re: XQuartz quextion)
    • From: "Jordan K. Hubbard" <email@hidden>

• Prev by Date: Security concerns (Was Re: XQuartz quextion)
• Next by Date: Re: Security concerns (Was Re: XQuartz quextion)
• Previous by thread: Security concerns (Was Re: XQuartz quextion)
• Next by thread: Re: Security concerns (Was Re: XQuartz quextion)
• Index(es):
  • Date
  • Thread