libx11: Changes to 'debian-unstable'

To: debian-x@lists.debian.org
Subject: libx11: Changes to 'debian-unstable'
From: Julien Cristau <jcristau@alioth.debian.org>
Date: Fri, 09 Mar 2007 02:03:43 +0000
Message-id: <[🔎] E1HPUSN-00083G-Ms@alioth.debian.org>

 debian/changelog                                  |    7 +++++++
 debian/patches/022_XInitImage_input_validate.diff |   19 +++++++++++++++++++
 debian/patches/series                             |    1 +
 3 files changed, 27 insertions(+)

New commits:
commit dc9db50d754976bdd0df34faf0cd6296adb2e208
Author: Julien Cristau <jcristau@debian.org>
Date:   Fri Mar 9 02:28:49 2007 +0100

    Fix security issue in XInitImage()
    
    Add patch by Daniel Kobras <kobras@debian.org> to add more input
    validation to XInitImage(), to fix security issues (closes: #414045).

diff --git a/debian/changelog b/debian/changelog
index 96c857f..c491cc9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libx11 (2:1.0.3-6) unstable; urgency=high
+
+  * Add patch by Daniel Kobras <kobras@debian.org> to add more input
+    validation to XInitImage(), to fix security issues (closes: #414045).
+
+ -- Julien Cristau <jcristau@debian.org>  Fri,  9 Mar 2007 02:23:06 +0100
+
 libx11 (2:1.0.3-5) unstable; urgency=high
 
   * Remove /usr/X11R6/lib from /etc/ld.so.conf in postinst if it's no longer
diff --git a/debian/patches/022_XInitImage_input_validate.diff b/debian/patches/022_XInitImage_input_validate.diff
new file mode 100644
index 0000000..e22ca19
--- /dev/null
+++ b/debian/patches/022_XInitImage_input_validate.diff
@@ -0,0 +1,19 @@
+Add more input validation to XInitImage(), to avoid buffer overflow in
+XGetPixel(), which assumes sane values.
+Debian bug #414045.
+
+This patch by Daniel Kobras <kobras@debian.org>
+
+Index: libx11/src/ImUtil.c
+===================================================================
+--- libx11.orig/src/ImUtil.c	2007-03-09 02:21:29.000000000 +0100
++++ libx11/src/ImUtil.c	2007-03-09 02:22:34.000000000 +0100
+@@ -385,6 +385,8 @@
+     XImage *image;
+ {
+ 	if (image->depth == 0 || image->depth > 32 ||
++	    image->bits_per_pixel > 32 || image->bitmap_unit > 32 ||
++	    image->bits_per_pixel < 0 || image->bitmap_unit < 0 ||
+ 	    (image->format != XYBitmap &&
+ 	     image->format != XYPixmap &&
+ 	     image->format != ZPixmap) ||
diff --git a/debian/patches/series b/debian/patches/series
index 1364571..d10a1c1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,4 @@
 019_new_autoconf.diff
 020_CVE-2006-5397.diff
 021_compose_fclose.diff
+022_XInitImage_input_validate.diff

Reply to:

Prev by Date: Bug#402537: xdm exits immediately after been launched
Next by Date: libx11: Changes to 'refs/tags/libx11-2_1.0.3-6'
Previous by thread: Bug#268120: What are "CTRL+ALT key combinations for creating international characters ... that Windows uses" ?
Next by thread: libx11: Changes to 'refs/tags/libx11-2_1.0.3-6'
Index(es):
- Date
- Thread