Subject: Bug#879: CVE backports incomplete or wrong
From: Ulrich Sibiller
Date: Thu, 21 May 2015 08:43:37 +0200
To: submit@bugs.x2go.org

Package: nx-libs

Recently a lot of CVE fixes have been added to nx-libs. E.g. debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch and debian/patches/1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch add missing checks to nx-X11/programs/Xserver/render/render.c.

However, there's a file called nx-X11/programs/Xserver/hw/nxagent/NXrender.c which is derived from render.c and in that file those checks are missing, too. (I suspect the original render/render.c is not used at all in favour of hw/nxagent/NXrender.c but I am not 100% sure here.)

If render.c is used at all (I am not sure) the patches should be extended to also fix NXrender.c. If render.c is not used it should be removed and the patches should be applied to NXrender.c instead.

There might be more cases like this, I only picked this one as an example.
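One way to audit for the gap described in this report, as an added example that is not part of the original message or of nx-libs: read the patched function names and added lines out of a unified diff, then check whether a derived file defines the same functions without those lines. The function and request names are hypothetical, and the patch and source text are constructed.

```python
import re
# Constructed samples (hypothetical names; not the real nx-libs patch or sources).
SAMPLE_PATCH = """\
@@ -10,1 +10,2 @@ ProcDemoQuery (ClientPtr client)
     REQUEST(xDemoQueryReq);
+    REQUEST_SIZE_MATCH(xDemoQueryReq);
@@ -40,1 +41,2 @@ SProcDemoQuery (ClientPtr client)
     REQUEST(xDemoQueryReq);
+    REQUEST_SIZE_MATCH(xDemoQueryReq);
"""
SAMPLE_DERIVED = """\
ProcDemoQuery (ClientPtr client)
{ REQUEST(xDemoQueryReq); return Success; }
SProcDemoQuery (ClientPtr client)
{ REQUEST(xDemoQueryReq); REQUEST_SIZE_MATCH(xDemoQueryReq); return Success; }
"""

def added_lines_by_function(patch):
    """Map each function named in a hunk header to the lines its hunk adds."""
    result, current = {}, None
    for line in patch.splitlines():
        m = re.match(r"@@ .* @@.*?(\w+)\s*\(", line)
        if m:
            current = result.setdefault(m.group(1), [])
        # "+++" is a file header in multi-file patches, not an added line
        elif current is not None and line.startswith("+") and not line.startswith("+++"):
            current.append(line[1:].strip())
    return result

def function_body(source, name):
    """Brace-matched body of a C function whose name starts a line, else None."""
    m = re.search(rf"^{re.escape(name)}\s*\([^;{{]*\{{", source, re.MULTILINE)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(source) and depth:  # naive: ignores braces in strings/comments
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i]

def missing_in_derived(patch, derived_source):
    """Patched functions that also exist in the derived file but lack the added lines."""
    report = {}
    for func, added in added_lines_by_function(patch).items():
        body = function_body(derived_source, func)
        if body is not None:  # only functions duplicated in the derived file
            absent = [a for a in added if a and a not in body]
            if absent:
                report[func] = absent
    return report
```

A non-empty result only flags candidates for manual review: the match is textual, so a derived function that performs an equivalent check in different words is still reported.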