-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 tags + patch thanks
Hi, > > OpenMotif includes an outdated copy of the Xpm library with a number of > > vulnerabilities: CAN-2004-0687, CAN-2004-0688, CAN-2004-0914, and > > CAN-2005-0605. > I investigated this a bit and it seems that upstream only has made > fixes available for the first two CANs yet. For reference I attached > the output of a cvs diff between 2.2.3 and 2.2.4 of the affected files > (AFAICT) I created a patch for missing two piece and modified djpig's patch to suit Debian package. All of them are taken from XFree86 CVS diff. For test, ida and mwm looks still work correctly (although mwm misses system.mwmrc by incorrect original rules). Thanks, - -- Kenshi Muto [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/> iEYEARECAAYFAkKZVT8ACgkQQKW+7XLQPLEXOwCg2AdJv3l9HC8lyUmeUH6qvh7E xgMAoKxc5s5GoiTF97KQLihpvxDCs+br =6F/p -----END PGP SIGNATURE-----
xpm.patch.tar.gz
Description: Binary data
