Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sesman: scpv0, accept variable length data fields #958

Merged
merged 1 commit into from
Nov 28, 2017
Merged

sesman: scpv0, accept variable length data fields #958

merged 1 commit into from
Nov 28, 2017

Conversation

speidy
Copy link
Member

@speidy speidy commented Nov 21, 2017

No description provided.

@speidy speidy requested a review from jsorg71 November 21, 2017 22:41
@carnil
Copy link

carnil commented Nov 23, 2017

CVE-2017-16927

@metalefty
Copy link
Member

LGTM

@metalefty
Copy link
Member

@jsorg71 are you ok with this?

@jsorg71
Copy link
Contributor

jsorg71 commented Nov 27, 2017

+1

@metalefty metalefty merged commit d958d1f into neutrinolabs:devel Nov 28, 2017
uqs pushed a commit to freebsd/freebsd-ports that referenced this pull request Nov 30, 2017
net/xrdp-devel: Fix CVE-2017-16927
4ae6e12 
Fix CVE-2017-16927
Patch from upstream: neutrinolabs/xrdp#958

PR:		223931
Submitted by:	meta+ports@vmeta.jp (maintainer)
MFH:		2017Q4
Security:	CVE-2017-16927


git-svn-id: svn+ssh://svn.freebsd.org/ports/head@455191 35697150-7ecd-e111-bb59-0022644237b5
uqs pushed a commit to freebsd/freebsd-ports that referenced this pull request Nov 30, 2017
@pizzamig
net/xrdp-devel: Fix CVE-2017-16927
7c732ad 
Fix CVE-2017-16927
Patch from upstream: neutrinolabs/xrdp#958

PR:		223931
Submitted by:	meta+ports@vmeta.jp (maintainer)
MFH:		2017Q4
Security:	CVE-2017-16927
@Natureshadow
Copy link
Contributor

As reported in Debian, this patch is broken because g_new0(char, sz) reserves sz bytes and buf[sz] = '\0' in turn writes behind the buffer, corrupting memory.

@l2dy l2dy mentioned this pull request Dec 23, 2017
Closed
svmhdvn pushed a commit to svmhdvn/freebsd-ports that referenced this pull request Jan 10, 2024
@pizzamig
net/xrdp-devel: Fix CVE-2017-16927
f6bdfd8 
Fix CVE-2017-16927
Patch from upstream: neutrinolabs/xrdp#958

PR:		223931
Submitted by:	meta+ports@vmeta.jp (maintainer)
MFH:		2017Q4
Security:	CVE-2017-16927
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsorg71 jsorg71 jsorg71 approved these changes

@metalefty metalefty metalefty approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@speidy @carnil @metalefty @jsorg71 @Natureshadow