NetSurf 1.2 security flaws (was: Hi)

John-Mark Bell jmb at netsurf-browser.org
Fri Jan 16 01:16:48 GMT 2009


On Thu, 15 Jan 2009, Rob Kendrick wrote:

> On Wed, 14 Jan 2009 19:47:20 -0500
> "Jeremy Brown" <0xjbrown41 at gmail.com> wrote:
>
>> http://jbrownsec.blogspot.com/2009/01/jbrownsec-changes-code.html
>>
>> http://stashbox.org/361736/netsurf_multiple_adv.txt
>
> +10 points for finding them.
>
> -11 points for not giving us time to fix before making them public.

It would appear that the following solves the issue:

   $ cd branches/1
   $ svnmerge merge --revision 5100 netsurf

(then resolve the conflicts). This also hauls in r4001 and r4049.

Log entries for these revisions:

------------------------------------------------------------------------
r4001 | rjek | 2008-03-20 19:12:17 +0000 (Thu, 20 Mar 2008) | 1 line
Changed paths:
    M /trunk/netsurf/gtk/gtk_thumbnail.c

Add assert for creating pixmap for GTK thumbnails, and a LOG of what it 
tried to do.

------------------------------------------------------------------------
r4049 | rjek | 2008-03-25 11:42:59 +0000 (Tue, 25 Mar 2008) | 1 line
Changed paths:
    M /trunk/netsurf/gtk/gtk_thumbnail.c

Make GTK thumbnail creation more robust, return false when unable to
create pixmap for thumbnail.

------------------------------------------------------------------------
r5100 | jmb | 2008-08-13 18:16:39 +0100 (Wed, 13 Aug 2008) | 3 lines
Changed paths:
    M /trunk/netsurf/gtk/gtk_thumbnail.c

Some vague attempt at limiting the size of large bitmaps for thumbnailing.
This probably wants someone who has a clue about gtk to look at it.


J.


