Bug#852966: jessie-pu: package libxi/2:1.7.4-1+deb8u1

To: Julien Cristau <jcristau@debian.org>, 852966@bugs.debian.org
Subject: Bug#852966: jessie-pu: package libxi/2:1.7.4-1+deb8u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 28 Jan 2017 15:38:42 +0000
Message-id: <[🔎] 1485617922.1797.17.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 852966@bugs.debian.org
In-reply-to: <[🔎] 20170128152359.nzdzmtd2vl6bvtca@betterave.cristau.org>
References: <[🔎] 20170128152359.nzdzmtd2vl6bvtca@betterave.cristau.org>

Control: tags -1 + confirmed

On Sat, 2017-01-28 at 16:23 +0100, Julien Cristau wrote:
> I think this is the last one for this round.  It's also the one I'm
> least confident about.  But it's been in sid and wheezy-lts for a while,
> and a couple of issues have already been found and fixed, so maybe it's
> ok.

Fingers crossed.

> +libxi (2:1.7.4-1+deb8u1) jessie; urgency=medium
> +
> +  * Insufficient validation of data from the X server can cause out of
> +    boundary memory access or endless loops.  Addresses CVE-2016-7945 and
> +    CVE-2016-7946.

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#852966: jessie-pu: package libxi/2:1.7.4-1+deb8u1
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Bug#852966: jessie-pu: package libxi/2:1.7.4-1+deb8u1
Next by Date: Processed: Re: Bug#852966: jessie-pu: package libxi/2:1.7.4-1+deb8u1
Previous by thread: Bug#852966: jessie-pu: package libxi/2:1.7.4-1+deb8u1
Next by thread: Processed: Re: Bug#852966: jessie-pu: package libxi/2:1.7.4-1+deb8u1
Index(es):
- Date
- Thread