From: Jon Keating (jkeatingheuris.com)
Date: Thu Jun 13 2002 - 13:42:14 CDT


    From what I have received personally from my post, 2 * resolution_height
    sounds like a good idea.

    Jon

    > -----Original Message-----
    > From: Keith Warno [mailto:keith.warnovalaran.com]
    > Sent: Thursday, June 13, 2002 9:48 AM
    > To: 'Tom'; bugtraqsecurityfocus.com
    > Subject: RE: remote DoS in Mozilla 1.0
    >
    >
    > | -----Original Message-----
    > | From: Tom [mailto:tomlemuria.org]
    > | Sent: Monday, June 10, 2002 4:20 AM
    > | To: bugtraqsecurityfocus.com
    > | Subject: remote DoS in Mozilla 1.0
    > |
    >
    > [...]
    >
    > |
    > | Vendor Contact
    > | ==============
    >
    > [...]
    >
    > | also filed with the XFree86 team, no reaction so far
    > |
    > |
    >
    >
    > There is chatter but the same type of question regarding "at
    > what point [is]
    > a request for a font ... clearly invalid" is being asked.
    >
    >
    > ---------- Forwarded message ----------
    > Date: Thu, 13 Jun 2002 09:46:56 +0100
    > From: Juliusz Chroboczek <jecdcs.ed.ac.uk>
    > Reply-To: xpertXFree86.Org
    > To: xpertXFree86.Org
    > Subject: Re: [Xpert]abort() in libXfont 4.2.0 (was FW: remote DoS in
    > Mozilla 1.0)
    >
    > From: Juliusz Chroboczek <jecdcs.ed.ac.uk>
    > Subject: Re: [bugtraq] remote DoS in Mozilla 1.0
    > To: develxfree86.org
    > Date: 12 Jun 2002 08:51:49 +0100
    >
    > MH> Interesting problem reported on bugtraq:
    > MH> <http://online.securityfocus.com/archive/1/276120>
    >
    > I see. Two bugs here.
    >
    > One is the dodgy error-handling in the Type 1 backend, which gives up
    > by calling abort() (see the very end of curves.c). I agree that this
    > is a bug; however, as I'm hoping to phase out the current Type 1
    > backend in favour of one based on FreeType 2 in time for 4.3.0, I do
    > not intend to fix it.
    >
    > The other problem is that we do not fail a priori requests for very
    > large fonts. I do agree that this should be done, and I think it
    > should be done at the common layer (above the font backends); could
    > anyone suggest at what point a request for a font is clearly invalid?
    >
    > Juliusz
    >
    > _______________________________________________
    > Xpert mailing list
    > XpertXFree86.Org
    > http://XFree86.Org/mailman/listinfo/xpert
    >
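
Added example, not part of the thread and not XFree86 code: one way the common-layer check asked about above could look, using the 2 * resolution_height bound suggested in the reply. It assumes the request is a fully resolved XLFD name; font_request_ok, xlfd_field, xlfd_number, DEFAULT_RESY and the sample font names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_RESY 75 /* assumed dpi when the request leaves RESOLUTION_Y open */

/* Copy XLFD field n (1-based, counted after the leading '-') into out. */
static int xlfd_field(const char *name, int n, char *out, size_t outlen)
{
    if (name == NULL || name[0] != '-') return 0;
    const char *p = name + 1;
    for (int i = 1; i < n; i++) {
        if ((p = strchr(p, '-')) == NULL) return 0;
        p++;
    }
    size_t len = strcspn(p, "-");
    if (len >= outlen) return 0;
    memcpy(out, p, len);
    out[len] = '\0';
    return 1;
}

/* Field n as a non-negative integer; "" or "*" = unspecified (0); matrix sizes refused. */
static int xlfd_number(const char *name, int n, long *v)
{
    char f[32], *end;
    if (!xlfd_field(name, n, f, sizeof f)) return 0;
    if (f[0] == '\0' || strcmp(f, "*") == 0) { *v = 0; return 1; }
    errno = 0;
    *v = strtol(f, &end, 10);
    return errno == 0 && *end == '\0' && *v >= 0;
}

/* 1 = plausible size, 0 = refuse before any backend runs.
   POINT_SIZE is in decipoints; XLFD counts 72.27 points per inch. */
int font_request_ok(const char *xlfd, long screen_height)
{
    long pixel, point, resy;
    if (screen_height <= 0) return 0;
    if (!xlfd_number(xlfd, 7, &pixel) || !xlfd_number(xlfd, 8, &point) ||
        !xlfd_number(xlfd, 10, &resy)) return 0;
    if (resy == 0) resy = DEFAULT_RESY;
    double limit = 2.0 * (double)screen_height; /* 2 * resolution_height */
    return pixel <= limit && (double)point * (double)resy / 722.7 <= limit;
}

int main(void)
{
    const char *big = "-adobe-times-medium-r-normal--9999999-*-75-75-p-*-iso8859-1"; /* constructed */
    printf("%s\n", font_request_ok(big, 768) ? "accept" : "refuse");
}
```

The point-size branch matters because a request can leave PIXEL_SIZE open and still ask for an enormous glyph through POINT_SIZE and resolution.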