Call for testing: xserver

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Call for testing: xserver
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Sun, 19 Nov 2017 23:26:24 +0100
Message-id: <[🔎] 76b564e0-76db-24f3-ea03-21089e2e0bf7@debian.org>

Hi,

I prepared an update for the X server. The changelog is:

xorg-server (2:1.12.4-6+deb7u8) wheezy-security; urgency=medium

  * Cherry-pick changes from the jessie branch:

  * render: Fix out of boundary heap access
  * xkb: Escape non-printable characters correctly.
  * xkb: Handle xkb formated string output safely (CVE-2017-13723)
  * os: Make sure big requests have sufficient length.
  * Unvalidated lengths in
    - XFree86-VidModeExtension (CVE-2017-12180)
    - XFree86-DRI (CVE-2017-12182)
    - XFIXES (CVE-2017-12183)
    - XINERAMA (CVE-2017-12184)
    - MIT-SCREEN-SAVER (CVE-2017-12185)
    - RENDER (CVE-2017-12187)
  * Xi: Silence some tautological warnings
  * Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
  * dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177)
  * Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
  * Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES (CVE-2017-2624)

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Sun, 19 Nov 2017 20:27:35 +0100

These changes have been on stretch and jessie for a bit, and they work
fine for me. Still if you could give them a try, that'd be appreciated.

https://people.debian.org/~pochu/lts/xorg-server/

Thanks,
Emilio

Reply to:

Prev by Date: Re: Issue affecting php5?
Next by Date: Re: Wheezy update of roundcube?
Previous by thread: Re: Request for testing: python2.6/python2.7
Next by thread: November Report
Index(es):
- Date
- Thread