Subject: [Security Fix] X.Org Buffer overflow
To: None <current-users@NetBSD.org>
From: Adrian Portelli <adrianp@NetBSD.org>
Date: 05/09/2006 19:34:58
-----BEGIN PGP SIGNED MESSAGE-----
On the 15th March 2006 X.Org 7.0 modular was imported into xsrc/. On the
2nd May 2006 the NetBSD Security Officer team became aware of a
security issue in the version imported into xsrc.
The original advisory for this issue can be found at:
The relevant CVE entry is CVE-2006-1526.
This vulnerability does not exist in the NetBSD 1.x, 2.x, or 3.x code
bases. However, NetBSD-current was found to be vulnerable to this issue.
This issue was fixed in the NetBSD CVS tree on the 3rd of May 2006.
Users currently running NetBSD-current are advised to update the
This will resolve the known security issue.
To update from CVS:
# cd xsrc
# cvs update -d -P xorg/xserver/xorg/render/mitri.c
Matthias Drochner for the fixes in NetBSD-current.
On behalf of security-officer@,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)
-----END PGP SIGNATURE-----