Bug 136981

Summary: lesstif suffers from CAN-2004-0687,0688 Xpm problems
Product: [Fedora] Fedora Reporter: Michal Jaegermann <michal>
Component: lesstifAssignee: Thomas Woerner <twoerner>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:06:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Jaegermann 2004-10-24 17:56:18 UTC 
Description of problem:

lesstif as present in FC3test includes _two_ copies of Xpm
libraries in lib/Xm/LTXpm.c and in Xm-2.0/Xpm.c.  Although the
second copy does not seem to be really used the first one looks
like it is.  Both these copies clearly inherit stack and integer
overflow problems from the original Xpm libraries.

To make matters more "exciting" these two copies differ by used
symbol names and none follows a pattern used by 'openmotif'
sources.  Sigh!

The same really applies to all distributions which supply/supplied
lesstif.

Version-Release number of selected component (if applicable):
lesstif-0.93.36-6
Comment 1 Mark J. Cox 2004-10-27 10:04:09 UTC 

*** This bug has been marked as a duplicate of 135080 ***
Comment 2 Red Hat Bugzilla 2006-02-21 19:06:36 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.