[src/netbsd-6]: src/doc Ticket 1063.

[msaitoh <msaitoh%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/452cdae5f85b
branches:  netbsd-6
changeset: 776617:452cdae5f85b
user:      msaitoh <msaitoh%NetBSD.org@localhost>
date:      Wed May 14 03:52:21 2014 +0000

description:
Ticket 1063.

diffstat:

 doc/CHANGES-6.2 |  18 +++++++++++++++++-
 1 files changed, 17 insertions(+), 1 deletions(-)

diffs (29 lines):

diff -r b5dfb3ec98d3 -r 452cdae5f85b doc/CHANGES-6.2
--- a/doc/CHANGES-6.2   Wed Apr 30 05:38:31 2014 +0000
+++ b/doc/CHANGES-6.2   Wed May 14 03:52:21 2014 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.108 2014/04/30 05:38:31 msaitoh Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.109 2014/05/14 03:52:21 msaitoh Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -2192,3 +2192,19 @@
 
        Fix memory leak. This bug was introduced after releasing NetBSD 6.1.
        [christos, ticket #1036]
+
+xsrc/external/mit/libXfont/dist/src/fc/fsconvert.c     1.2
+xsrc/external/mit/libXfont/dist/src/fc/fserve.c                1.2
+xsrc/external/mit/libXfont/dist/src/fontfile/dirfile.c 1.2
+xsrc/xfree/xc/lib/font/fc/fsconvert.c                  1.5
+xsrc/xfree/xc/lib/font/fc/fserve.c                     1.5
+xsrc/xfree/xc/lib/font/fontfile/dirfile.c              1.5
+
+       Fix multiple vulnerabilities in libXfont:
+       - CVE-2014-0209: integer overflow of allocations in font metadata
+         file parsing
+       - CVE-2014-0210: unvalidated length fields when parsing xfs protocol
+         replies
+       - CVE-2014-0211: integer overflows calculating memory needs for xfs
+         replies
+       [spz, ticket #1063]