author | Michael Jennings <mej@kainx.org> | 2011-05-15 21:19:59 +0000 |
---|---|---|
committer | Michael Jennings <mej@kainx.org> | 2011-05-15 21:19:59 +0000 |
commit | e096c4df0f63fbef9833a8ede248d30ea36650e8 (patch) | |
tree | 31ed98725fa8c8062e105dc338872c04f4ac2e61 /ChangeLog | |
parent | 369e95c1df681537492ac4132fcc439a66dd7884 (diff) | |
download | eterm-e096c4df0f63fbef9833a8ede248d30ea36650e8.tar.gz |
Tue Mar 15 23:03:57 2011 mej
Fix for CVE-2011-0409 (CERT VU#285156), a use-after-free error in the
XIM code. This only affects versions where XIM support is compiled in
(which it is by default). There are no known exploits for this bug,
but it is theoretically exploitable. Thanks to Jonathan Brossard and
the team at Toucan System for responsibly disclosing this
vulnerability and to CERT for assisting with coordination and
disclosure.
----------------------------------------------------------------------
SVN revision: 59413
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -5653,3 +5653,13 @@ claims to be a string, which is probably more correct. This should also eliminate server round-trips when clients ask for UTF-8, get a string, then ask for a string (Opera). ---------------------------------------------------------------------- +Tue Mar 15 23:03:57 2011 mej + +Fix for CVE-2011-0409 (CERT VU#285156), a use-after-free error in the +XIM code. This only affects versions where XIM support is compiled in +(which it is by default). There are no known exploits for this bug, +but it is theoretically exploitable. Thanks to Jonathan Brossard and +the team at Toucan System for responsibly disclosing this +vulnerability and to CERT for assisting with coordination and +disclosure. +---------------------------------------------------------------------- |
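Review bot: The added entry under the `Tue Mar 15 23:03:57 2011 mej` header identifies the bug only as "a use-after-free error in the XIM code" and names no source file, function, or first fixed release. Someone backporting the fix or auditing a packaged build cannot tell from the ChangeLog alone which code change carries it. Consider adding the affected file and function and the version that includes the fix. The entry is also dated Mar 15 2011 while the author and committer dates on this commit are 2011-05-15; it is worth confirming the two-month gap is intentional and not a stale timestamp, since downstream readers will use the ChangeLog date to judge when the fix landed.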