Bug 136981 - lesstif suffers from CAN-2004-0687,0688 Xpm problems
lesstif suffers from CAN-2004-0687,0688 Xpm problems
Status: CLOSED DUPLICATE of bug 135080
Product: Fedora
Classification: Fedora
Component: lesstif (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-24 13:56 EDT by Michal Jaegermann
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 14:06:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michal Jaegermann 2004-10-24 13:56:18 EDT
Description of problem:

lesstif as present in FC3test includes _two_ copies of Xpm
libraries in lib/Xm/LTXpm.c and in Xm-2.0/Xpm.c.  Although the
second copy does not seem to be really used the first one looks
like it is.  Both these copies clearly inherit stack and integer
overflow problems from the original Xpm libraries.

To make matters more "exciting" these two copies differ by used
symbol names and none follows a pattern used by 'openmotif'
sources.  Sigh!

The same really applies to all distributions which supply/supplied
lesstif.

Version-Release number of selected component (if applicable):
lesstif-0.93.36-6
Comment 1 Mark J. Cox (Product Security) 2004-10-27 06:04:09 EDT

*** This bug has been marked as a duplicate of 135080 ***
Comment 2 Red Hat Bugzilla 2006-02-21 14:06:36 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.