Subject: CVS commit: src/games/tetris
To: None <source-changes@NetBSD.org>
From: Matthias Drochner <drochner@netbsd.org>
List: source-changes
Date: 06/01/2006 16:12:27
Module Name: src
Committed By: drochner
Date: Thu Jun 1 16:12:27 UTC 2006
Modified Files:
src/games/tetris: scores.c
Log Message:
Better check data read from tetris.scores before use as array indices etc.
This is CVE-2006-1539, files against Gentoo Linux, the patch is from
Gentoo.
A standard NetBSD installation is not as much risk because tetris is
sgid "games", and users shouldn't be in that group.
To generate a diff of this commit:
cvs rdiff -r1.13 -r1.14 src/games/tetris/scores.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.