Bug 136981 - lesstif suffers from CAN-2004-0687,0688 Xpm problems
Summary: lesstif suffers from CAN-2004-0687,0688 Xpm problems
Status: CLOSED DUPLICATE of bug 135080
Alias: None
Product: Fedora
Classification: Fedora
Component: lesstif   
(Show other bugs)
Version: 3
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-10-24 17:56 UTC by Michal Jaegermann
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 19:06:36 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Michal Jaegermann 2004-10-24 17:56:18 UTC
Description of problem:

lesstif as present in FC3test includes _two_ copies of Xpm
libraries in lib/Xm/LTXpm.c and in Xm-2.0/Xpm.c.  Although the
second copy does not seem to be really used the first one looks
like it is.  Both these copies clearly inherit stack and integer
overflow problems from the original Xpm libraries.

To make matters more "exciting" these two copies differ by used
symbol names and none follows a pattern used by 'openmotif'
sources.  Sigh!

The same really applies to all distributions which supply/supplied
lesstif.

Version-Release number of selected component (if applicable):
lesstif-0.93.36-6

Comment 1 Mark J. Cox 2004-10-27 10:04:09 UTC

*** This bug has been marked as a duplicate of 135080 ***

Comment 2 Red Hat Bugzilla 2006-02-21 19:06:36 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.


Note You need to log in before you can comment on or make changes to this bug.