search for: zdi

...+++ clamav-milter/clamav-milter.c @@ -3439,9 +3439,9 @@ { fd_set rfds; struct timeval tv; + int ret; assert(sock >= 0); - int ret; if(readTimeout == 0) { do >How-To-Repeat: See: http://www.zerodayinitiative.com/advisories/ZDI-05-002.html when trying to compile new clamav, get this: Applying FreeBSD patches for clamav-0.87.1 Ignoring previously applied (or reversed) patch. 1 out of 1 hunks ignored--saving rejects to clamav-milter/clamav-milter.c.rej => Patch patch-clamav-milter_clamav-milter.c failed to apply...

Multiple input validation failures in X server extensions ========================================================= All theses issuses can lead to local privileges elevation on systems where the X server is running privileged. * CVE-2020-14345 / ZDI CAN 11428 XkbSetNames Out-Of-Bounds Access The handler for the XkbSetNames request does not validate the request length before accessing its contents. * CVE-2020-14346 / ZDI CAN 11429 XIChangeHierarchy Integer Underflow An integer underflow exists in the handler for the XIChangeHierarchy request...

X.Org Security Advisory: March 29, 2023 X.Org Server Overlay Window Use-After-Free ========================================== This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-afte...

...). The time line is as follows: * April 25, 2007: Four individual defects reported to the security@samba.org email alias. * April 25, 2007: Initial developer response by Samba developer Volker Lendecke. * April 28, 2007: Patches for four defects released by Samba developer Jeremy Allison to ZDI for testing. * May 3, 2007: Fixed confirmed by original reporter. * May 5, 2007: Fifth defect reported to security@samba.org. * May 5, 2007: Patches for fifth defects released to ZDI for testing by Samba developer Jeremy Allison. * May 10, Announcement to vendor-sec mailing list * May 14, 2007: P...

...modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation Lyude Paul (1): xwayland: Store xwl_tablet_pad in its own private key Martin Weber (1): hw/xfree86: Avoid cursor use after free Matt Turner (1): xserver 1.20.9 Matthieu Herrb (5): fix for ZDI-11426 Correct bounds checking in XkbSetNames() Fix XIChangeHierarchy() integer underflow Fix XkbSelectEvents() integer underflow Fix XRecordRegisterClients() Integer underflow Michel D?nzer (7): present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip...

...2Nnx1 za}ft~j$NgBf2f_S_w|yH^1vKQ@h%!1L{A(<o^)^izEPoq9?W78#^4s-@{WeHodY61 zf2Lkn(q~O;F1A0%$AU;2Jk;~Q<wZ)fYU&?S2A1tdbX&f$?6t7%X@7m7G?@%V`P{5y zj2zkM{4Ia_>;?C6o5|(%d0J3kA4vVYVr+#FZ{8q=csuI$w*$;R4@HX~yT9spq2Ls^ z(^Ob@cpZNd)>yk5_zvDtwzQ?wV5>Z$p;dGjczMuV)scqFcK+VkWu;obgO~pLz>6KJ zDiF6TJLS%>O3k`qN)W-7dhJPOUC5w`)Nr=LdwSTGND8_{Ek}bB*xj95W@cYh-rt#4 zi-omz$oVT!1A*gm++tZ{WW@g&GD3Oq!Qu6$f=zT3bQQU<kTER~b^eVE$RZfg?tQml zv=7ms#t3xuW$mJi>Lrk^y%XZ#mTt+{?vQrcs>PhX#pzd7jYbXRA`YHh-rn5Qb#ig} zJ~cHJ(bCegcXn3J#m&8YdMagNLf)efUQ<^aS6)t|sH$3|s;WxO&dy$5Y|+zEjxDAr z6On)L+H...

...u( z!y10k8X88^hF=7=fi^V!%o|1_9Hm|u^)tV4L3{3(G4#Stwc+Dm_}O_obtOY~y`jgS z%`v3^dGR9gclKsQIfuGGE4)_zy>+u0p1k?nEB-d)$!}h?(jVPy@^7-z`)@YuIcCux zyZN8lTW@*eA7d^0xtnVzl56+xIdSt48NPY*QA1&U%kJ@&M>Ky;Bt>dq`wD-!HsGyK z>28K*KI<O|`D=#IVL^X|UKk2_>zyX|5MQub?-xXI-ZdBu_`Ef|dIXd$<Z~8xtMUgb zdildBT^sU8e9m4$Z-p;ZTvHh|N>C~EBH+{eM=&KW6td?kwK!q2a*BHd%j?2cs#_4N z(_iBYS?x!BBO=aHpdND3<RtVu%FO!IRhRifMrp`f6Bf%W%Pj3JFZYGR{xW~SAF0nR zj8F9o1#5kwh~F1>^r)*T7y9Tf9#GsZSX~>e!NR6>7_-}~#y3o?biGIf&QgE1FC?P| z24!X$V(psQy at PdOpNys?3`{VGBlQ8F7{3TDdZ(;z{rgKocVBtH8<Gn at y;#;D2J4NK zV_...

depends on "autoconf: regenerate configure scripts with 4.4 version" This series removes some of the really old deadwood from the tools build and makes some other things which are on their way out configurable at build time with a default depending on how far down the slope I judge them to be. * nuke in tree copy of libaio * nuke obsolete tools: xsview, miniterm, lomount & sv *