Subject: [Security Fix] X.Org Buffer overflow
To: None <current-users@NetBSD.org>
From: Adrian Portelli <adrianp@NetBSD.org>
List: current-users
Date: 05/09/2006 19:34:58
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On the 15th March 2006 X.Org 7.0 modular was imported into xsrc/. On the
2nd May 2006 the NetBSD Security Officer team became aware of a
security issue in the version imported into xsrc.

The original advisory for this issue can be found at:

 http://lists.freedesktop.org/archives/xorg/2006-May/015136.html

The relevant CVE entry is CVE-2006-1526.

This vulnerability does not exist in the NetBSD 1.x, 2.x, or 3.x code
bases. However, NetBSD-current was found to be vulnerable to this issue.

This issue was fixed in the NetBSD CVS tree on the 3rd of May 2006.
Users currently running NetBSD-current are advised to update the
following file:

	xsrc/xorg/xserver/xorg/render/mitri.c

This will resolve the known security issue.

To update from CVS:
		
	# cd xsrc
	# cvs update -d -P xorg/xserver/xorg/render/mitri.c

Thanks To
=========

Matthias Drochner for the fixes in NetBSD-current.

On behalf of security-officer@,

adrian.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)

iD8DBQFEYN6aLc2rR0mnFJ8RAuylAJ94V6WfqIJKIK2B5vsYEFOpiRo6qwCfVHbi
+aq/z8BqvuiONe5vwW4FEuo=
=3Lzd
-----END PGP SIGNATURE-----