mirror of
git://slackware.nl/current.git
synced 2024-12-31 10:28:29 +01:00
a5dc0f82be
patches/packages/libksba-1.6.3-x86_64-1_slack15.0.txz: Upgraded.
Fix another integer overflow in the CRL's signature parser.
(* Security fix *)
patches/packages/sdl-1.2.15-x86_64-13_slack15.0.txz: Rebuilt.
This update fixes a heap overflow problem in video/SDL_pixels.c in SDL.
By crafting a malicious .BMP file, an attacker can cause the application
using this library to crash, denial of service, or code execution.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33657
(* Security fix *)
23 lines
804 B
Diff
23 lines
804 B
Diff
--- SDL-1.2.14/src/video/x11/SDL_x11events.c.orig 2010-04-08 11:57:05.003169834 -0700
|
|
+++ SDL-1.2.14/src/video/x11/SDL_x11events.c 2010-04-08 12:33:51.690926340 -0700
|
|
@@ -423,12 +423,15 @@
|
|
if ( xevent.xcrossing.mode == NotifyUngrab )
|
|
printf("Mode: NotifyUngrab\n");
|
|
#endif
|
|
- if ( this->input_grab == SDL_GRAB_OFF ) {
|
|
- posted = SDL_PrivateAppActive(1, SDL_APPMOUSEFOCUS);
|
|
+ if ( (xevent.xcrossing.mode != NotifyGrab) &&
|
|
+ (xevent.xcrossing.mode != NotifyUngrab) ) {
|
|
+ if ( this->input_grab == SDL_GRAB_OFF ) {
|
|
+ posted = SDL_PrivateAppActive(1, SDL_APPMOUSEFOCUS);
|
|
+ }
|
|
+ posted = SDL_PrivateMouseMotion(0, 0,
|
|
+ xevent.xcrossing.x,
|
|
+ xevent.xcrossing.y);
|
|
}
|
|
- posted = SDL_PrivateMouseMotion(0, 0,
|
|
- xevent.xcrossing.x,
|
|
- xevent.xcrossing.y);
|
|
}
|
|
break;
|
|
|