X Strike Force XFree86 SVN commit: r1101 - trunk/debian
Author: branden
Date: 2004-02-23 02:02:03 -0500 (Mon, 23 Feb 2004)
New Revision: 1101
Modified:
trunk/debian/changelog
Log:
Update 4.2.1-6 changelog entry to include more information about security
fixes in that release.
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2004-02-23 06:59:55 UTC (rev 1100)
+++ trunk/debian/changelog 2004-02-23 07:02:03 UTC (rev 1101)
@@ -2541,6 +2541,19 @@
xfree86 (4.2.1-6) unstable; urgency=medium
+ * This changelog entry updated on 2004-02-23 to include more information
+ about security fixes.
+
+ * This release includes fixes for two security issues found by Felix
+ Kühling:
+ CAN-2004-0093: Client-supplied data (screen number) used as array index
+ into X server-side DRI data structures without validation,
+ leaving X server open to SEGVs.
+ (xc/programs/Xserver/GL/dri/xf86dri.c)
+ CAN-2004-0094: Client-supplied data (screen number) cast from unsigned
+ char to signed int.
+ (xc/programs/Xserver/GL/glx/glxcmds.c)
+
* RELEASE NOTE: the ELF object loader in the XFree86 X server does not
recognize the new symbol relocations used by GCC 3.2 on the IA-64
architecture; this means that the "xserver-xfree86" package will not work
@@ -2594,7 +2607,7 @@
number parameter received over the wire by the X server's DRI extension
code, and fix some similar checks in the GLX code. This fixes X server
segfaults when an invalid screen value is provided (#A.1434, Felix
- Kühling).
+ Kühling). [SECURITY FIX] (CAN-2004-0093, CAN-2004-0094)
+ (xc/programs/Xserver/fb/fbpict.c): Fix incorrect datatype for the pixmap
width in fbCompositeSrcAdd_8000x8000(), and add some small optimisations
(#A.1423, Keith Packard).
Reply to: