pkgsrc/x11/modular-xorg-server
is b1085e570b Fix CVE-2011-4028: File disclosure vulnerability.
Use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it points to an existing
file.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Fix CVE-2011-4029: File permission change vulnerability.
Use fchmod() to change permissions of the lock file instead of
chmod(), thus avoid the race that can be exploited to set a symbolic
link to any file or directory in the system.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2012-12-15 09:26:07 +00:00
..
files
patches Fix CVE-2011-4028: File disclosure vulnerability. 2012-12-15 09:26:07 +00:00
buildlink3.mk Bump dependency on pixman to 0.18.4 because cairo-1.10 needs that 2010-09-14 11:00:44 +00:00
DESCR
distinfo Fix CVE-2011-4028: File disclosure vulnerability. 2012-12-15 09:26:07 +00:00
Makefile Fix CVE-2011-4028: File disclosure vulnerability. 2012-12-15 09:26:07 +00:00
options.mk Add inet6 to default suggested options. It's 2012. 2012-06-12 15:45:54 +00:00
PLIST Fix build on SunOS, allow x86_64 as a SunOS platform (if set so in pkgsrc). 2012-03-13 14:13:52 +00:00