Hi!

> Ubuntu backported a fix for this hole to lesstif1. From their changelog:
>
>   * SECURITY UPDATE: More Xpm vulnerabilities.
>   * lib/Xm-2.1/Xpmcreate.c, lib/Xm-2.1/Xpmscan.c: Applied patch from
>     freedesktop.org to avoid integer overflows.
>   * lib/Xm/LTXpm.c: Backported patch to old lesstif1.
>   * References:
>     CAN-2005-0605
>     https://bugs.freedesktop.org/show_bug.cgi?id=1920
>     https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7210

The change for lesstif1 was rather trivial since the variables
are declared correctly already. So the patch for the old lesstif1
reduces to
--- lesstif1-1-0.93.94.orig/lib/Xm/LTXpm.c
+++ lesstif1-1-0.93.94/lib/Xm/LTXpm.c
@@ -6305,6 +6305,9 @@
ibpp = image->bits_per_pixel;
offset = image->xoffset;
+ if (image->bitmap_unit < 0)
+ return (_LtXpmNoMemory);
+
if ((image->bits_per_pixel | image->depth) == 1) {
ibu = image->bitmap_unit;
for (y = 0; y < height; y++)
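
Review bot: the added `if (image->bitmap_unit < 0)` check returns `_LtXpmNoMemory`, which tells the caller that an allocation failed when the actual condition is a malformed image field. A one-line comment on the check, saying that it rejects a negative `bitmap_unit` before the value is assigned to `ibu` (CAN-2005-0605), would make the intent clear to the next reader. The test also rejects only negative values, and `bits_per_pixel` and `xoffset`, read on the two lines above it, are assigned without any check in the visible context, so it is worth confirming that those fields are validated elsewhere on this path.
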
Regards,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org

