Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
CVE fix, already in wheezy-lts and sid.
Cheers,
Julien
diff -u libxfixes-5.0.1/debian/changelog libxfixes-5.0.1/debian/changelog
--- libxfixes-5.0.1/debian/changelog
+++ libxfixes-5.0.1/debian/changelog
@@ -1,3 +1,9 @@
+libxfixes (1:5.0.1-2+deb8u1) jessie; urgency=high
+
+ * Integer overflow on illegal server response (CVE-2016-7944)
+
+ -- Julien Cristau <jcristau@debian.org> Sat, 07 Jan 2017 16:30:24 +0100
+
libxfixes (1:5.0.1-2) sid; urgency=low
* Mark libxfixes-dev as Multi-arch: same (closes: #677657).
only in patch2:
unchanged:
--- libxfixes-5.0.1.orig/src/Region.c
+++ libxfixes-5.0.1/src/Region.c
@@ -23,6 +23,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
+#include <limits.h>
#include "Xfixesint.h"
XserverRegion
@@ -333,9 +334,17 @@
bounds->y = rep.y;
bounds->width = rep.width;
bounds->height = rep.height;
- nbytes = (long) rep.length << 2;
- nrects = rep.length >> 1;
- rects = Xmalloc (nrects * sizeof (XRectangle));
+
+ if (rep.length < (INT_MAX >> 2)) {
+ nbytes = (long) rep.length << 2;
+ nrects = rep.length >> 1;
+ rects = Xmalloc (nrects * sizeof (XRectangle));
+ } else {
+ nbytes = 0;
+ nrects = 0;
+ rects = NULL;
+ }
+
if (!rects)
{
_XEatDataWords(dpy, rep.length);
Attachment:
signature.asc
Description: PGP signature