[src/netbsd-3-0]: src/doc Ticket #1752.

[ghen <ghen%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b87bc6baf764
branches:  netbsd-3-0
changeset: 579402:b87bc6baf764
user:      ghen <ghen%NetBSD.org@localhost>
date:      Wed Apr 04 22:23:33 2007 +0000

description:
Ticket #1752.

diffstat:

 doc/CHANGES-3.0.3 |  20 +++++++++++++++++++-
 1 files changed, 19 insertions(+), 1 deletions(-)

diffs (31 lines):

diff -r 9bc470e3fcef -r b87bc6baf764 doc/CHANGES-3.0.3
--- a/doc/CHANGES-3.0.3 Wed Apr 04 21:31:57 2007 +0000
+++ b/doc/CHANGES-3.0.3 Wed Apr 04 22:23:33 2007 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: CHANGES-3.0.3,v 1.1.2.31 2007/04/04 21:31:57 bouyer Exp $
+#      $NetBSD: CHANGES-3.0.3,v 1.1.2.32 2007/04/04 22:23:33 ghen Exp $
 
 A complete list of changes from the NetBSD 3.0.2 release to the NetBSD 3.0.3
 release:
@@ -1611,3 +1611,21 @@
        exploitable heap overflow.
        [adrianp, ticket #1743]
 
+xsrc/xfree/xc/lib/X11/ImUtil.c                 1.2
+xsrc/xfree/xc/lib/font/bitmap/bdfread.c                1.2
+xsrc/xfree/xc/lib/font/fontfile/fontdir.c      1.2
+xsrc/xfree/xc/programs/Xserver/Xext/xcmisc.c   1.2
+
+       Fix a possible memory corruption due to integer overflow in
+       ProcXCMiscGetXIDList() (CVE-2007-1003).
+
+       Fix a possible memory corruption due to integer overflow, caused by
+       lack of validation of bdf font files (CVE 2007-1351).
+
+       Fix a possible memory corruption due to integer overflow, caused by
+       lack of validation of fonts.dir files (CVE 2007-1352).
+
+       Fix a possible memory corruption due to incomplete input validation in
+       XInitImage() (CVE 2007-1667).
+       [drochner, ticket #1752]
+