Bug 136981

Summary: lesstif suffers from CAN-2004-0687,0688 Xpm problems
Product: [Fedora] Fedora Reporter: Michal Jaegermann <michal>
Component: lesstifAssignee: Thomas Woerner <twoerner>
Severity: medium Docs Contact:
Priority: medium    
Version: 3Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:06:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Michal Jaegermann 2004-10-24 17:56:18 UTC
Description of problem:

lesstif as present in FC3test includes _two_ copies of Xpm
libraries in lib/Xm/LTXpm.c and in Xm-2.0/Xpm.c.  Although the
second copy does not seem to be really used the first one looks
like it is.  Both these copies clearly inherit stack and integer
overflow problems from the original Xpm libraries.

To make matters more "exciting" these two copies differ by used
symbol names and none follows a pattern used by 'openmotif'
sources.  Sigh!

The same really applies to all distributions which supply/supplied

Version-Release number of selected component (if applicable):

Comment 1 Mark J. Cox 2004-10-27 10:04:09 UTC

*** This bug has been marked as a duplicate of 135080 ***

Comment 2 Red Hat Bugzilla 2006-02-21 19:06:36 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.