1. Tue Mar 15 23:03:57 2011                        Michael Jennings (mej)

  2. 

  3. Fix for CVE-2011-0409 (CERT VU#285156), a use-after-free error in the

  4. XIM code.  This only affects versions where XIM support is compiled in

  5. (which it is by default).  There are no known exploits for this bug,

  6. but it is theoretically exploitable.  Thanks to Jonathan Brossard and

  7. the team at Toucan System for responsibly disclosing this

  8. vulnerability and to CERT for assisting with coordination and

  9. disclosure.

  10. ----------------------------------------------------------------------

  11. Tue Mar 15 23:08:26 2011                        Michael Jennings (mej)

  12. 

  13. Fix for CVE-2011-0768, an off-by-one error in handling large pixmap

  14. filenames which resulted in an overflow of a single NUL character if

  15. the filename exceeded PATH_MAX bytes.  This bug is NOT exploitable.

  16. Again, thanks to Jonathan Brossard and the team at Toucan System for

  17. responsibly disclosing this vulnerability and to CERT for assisting

  18. with coordination and disclosure.