| Summary: | Integer overflows in build_range() [CVE-2007-4989] | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | xorg | Reporter: | Matthieu Herrb <matthieu.herrb> | ||||||||||||
| Component: | App/xfs | Assignee: | X.Org Security <xorg_security> | ||||||||||||
| Status: | RESOLVED FIXED | QA Contact: | X.Org Security <xorg_security> | ||||||||||||
| Severity: | normal | ||||||||||||||
| Priority: | medium | CC: | dberkholz, guillem, thomas | ||||||||||||
| Version: | 7.2 (2007.02) | Keywords: | security | ||||||||||||
| Hardware: | All | ||||||||||||||
| OS: | All | ||||||||||||||
| Whiteboard: | |||||||||||||||
| i915 platform: | i915 features: | ||||||||||||||
| Attachments: |
|
||||||||||||||
|
Description
Matthieu Herrb
2007-09-05 23:34:16 UTC
Created attachment 11443 [details]
iDefense draft
Created attachment 11450 [details] [review] proposed patch Both issues (this one and #12299) share CVE-2007-4568 Adding Guillem Jover, the xfstt maintainer. Created attachment 11502 [details]
reproducer
Simple way to build a request that will cause the integer overflow
tfs localhost:7100 hello
Created attachment 11585 [details] [review] updated patch Jeremy Uejio from Sun discovered that the patch was incomplete. Attached an updated patch. Created attachment 11596 [details] [review] updated again patch Hmm I realized at some point that the condition is not the same in the else clause, but I forgot to re-generate the patch before uploading it. (In reply to comment #3) > Both issues (this one and #12299) share CVE-2007-4568 > iDefense as allocated a new ID for this one: CVE-2007-4989 Fixed in commit 380fb68316f13012ff7cb2ac4addc2626fa2dad0 Public now |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.