Hi!
> Ubuntu backported a fix for this hole to lesstif1. From their changelog:
>
> * SECURITY UPDATE: More Xpm vulnerabilities.
> * lib/Xm-2.1/Xpmcreate.c, lib/Xm-2.1/Xpmscan.c: Applied patch from
> freedesktop.org to avoid integer overflows.
> * lib/Xm/LTXpm.c: Backported patch to old lesstif1.
> * References:
> CAN-2005-0605
> https://bugs.freedesktop.org/show_bug.cgi?id=1920
> https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7210
The change for lesstif1 was rather trivial since the variables
are declared correctly already. So the patch for the old lesstif1
reduces to
--- lesstif1- 1-0.93. 94.orig/ lib/Xm/ LTXpm.c 1-0.93. 94/lib/ Xm/LTXpm. c bits_per_ pixel;
+++ lesstif1-
@@ -6305,6 +6305,9 @@
ibpp = image->
offset = image->xoffset;
+ if (image->bitmap_unit < 0) >bits_per_ pixel | image->depth) == 1) {
+ return (_LtXpmNoMemory);
+
if ((image-
ibu = image->bitmap_unit;
for (y = 0; y < height; y++)
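Review bot: the added test on `image->bitmap_unit` rejects only negative values, so a zero or otherwise unexpected unit still reaches `ibu = image->bitmap_unit;` and the per-row loop that follows; if only a fixed set of units is valid at this point, test for that set rather than `< 0`. The failure is also reported as `_LtXpmNoMemory`, which presents a malformed image as an allocation failure, so either return an error code meant for invalid input if the library has one, or add a one-line comment saying the code is reused deliberately. A short comment above the check naming CAN-2005-0605 would also tell later readers why it is there.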
Regards,
Martin
-- 
Martin Pitt                 http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer  http://www.debian.org