
Call for testing: xserver



Hi,

I prepared an update for the X server. The changelog is:

xorg-server (2:1.12.4-6+deb7u8) wheezy-security; urgency=medium

  * Cherry-pick changes from the jessie branch:

  * render: Fix out of boundary heap access
  * xkb: Escape non-printable characters correctly.
  * xkb: Handle xkb formated string output safely (CVE-2017-13723)
  * os: Make sure big requests have sufficient length.
  * Unvalidated lengths in
    - XFree86-VidModeExtension (CVE-2017-12180)
    - XFree86-DRI (CVE-2017-12182)
    - XFIXES (CVE-2017-12183)
    - XINERAMA (CVE-2017-12184)
    - MIT-SCREEN-SAVER (CVE-2017-12185)
    - RENDER (CVE-2017-12187)
  * Xi: Silence some tautological warnings
  * Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
  * dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177)
  * Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
  * Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES (CVE-2017-2624)

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Sun, 19 Nov 2017 20:27:35 +0100

These changes have been on stretch and jessie for a bit, and they work
fine for me. Still, if you could give them a try, that'd be appreciated.

https://people.debian.org/~pochu/lts/xorg-server/

Thanks,
Emilio

