xorg-server: Changes to 'debian-unstable'
debian/changelog | 8 +++++++
debian/patches/45_CVE-2007-2437.diff | 37 +++++++++++++++++++++++++++++++++++
debian/patches/series | 1
3 files changed, 46 insertions(+)
New commits:
commit e9518783b6bb4f1d043a8124845ea13cae06c57c
Author: Julien Cristau <jcristau@debian.org>
Date: Wed May 9 02:19:24 2007 +0200
Add fix for CVE-2007-2437.
Cherry-pick patch from upstream git to fix security issue in the Xrender
extension: malicious clients can cause a division by zero in the server
(closes: #422936). Reference: CVE-2007-2437. Thanks, Micah Anderson!
diff --git a/debian/changelog b/debian/changelog
index 392b61d..63eb057 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xorg-server (2:1.3.0.0.dfsg-4) unstable; urgency=low
+
+ * Cherry-pick patch from upstream git to fix security issue in the Xrender
+ extension: malicious clients can cause a division by zero in the server
+ (closes: #422936). Reference: CVE-2007-2437. Thanks, Micah Anderson!
+
+ -- Julien Cristau <jcristau@debian.org> Wed, 09 May 2007 02:11:08 +0200
+
xorg-server (2:1.3.0.0.dfsg-3) unstable; urgency=low
* Include 94_use_default_font_path.diff. This patch is like Eugene's patch
diff --git a/debian/patches/45_CVE-2007-2437.diff b/debian/patches/45_CVE-2007-2437.diff
new file mode 100644
index 0000000..17699e0
--- /dev/null
+++ b/debian/patches/45_CVE-2007-2437.diff
@@ -0,0 +1,37 @@
+From 71fc5b3e9309182978ead676965d65ca93a4e3b9 Mon Sep 17 00:00:00 2001
+From: Keith Packard <keithp@keithp.com>
+Date: Wed, 2 May 2007 11:41:11 +0200
+Subject: [PATCH] Fix for a divide by zero that can be triggered by a malicious client.
+
+Problem reported by Derek Abdine of rapid7.com. Thanks.
+---
+ fb/fbtrap.c | 3 +++
+ render/renderedge.c | 1 +
+ 2 files changed, 4 insertions(+), 0 deletions(-)
+
+Index: xorg-server/fb/fbtrap.c
+===================================================================
+--- xorg-server.orig/fb/fbtrap.c 2007-05-09 02:16:04.000000000 +0200
++++ xorg-server/fb/fbtrap.c 2007-05-09 02:27:10.000000000 +0200
+@@ -115,6 +115,9 @@
+ RenderEdge l, r;
+ xFixed t, b;
+
++ if (!xTrapezoidValid (trap))
++ return;
++
+ fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff);
+
+ width = pPicture->pDrawable->width;
+Index: xorg-server/render/renderedge.c
+===================================================================
+--- xorg-server.orig/render/renderedge.c 2007-05-09 02:16:04.000000000 +0200
++++ xorg-server/render/renderedge.c 2007-05-09 02:27:10.000000000 +0200
+@@ -143,6 +143,7 @@
+ dx = x_bot - x_top;
+ dy = y_bot - y_top;
+ e->dy = dy;
++ e->dx = 0;
+ if (dy)
+ {
+ if (dx >= 0)
diff --git a/debian/patches/series b/debian/patches/series
index 12f3434..e5b2a45 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,6 +16,7 @@
34_xorg.conf_man_typos.patch
39_alpha_build_flags.patch -p0
44_fedora-xephyr-keysym-madness.diff
+45_CVE-2007-2437.diff
91_ttf2pt1
91_ttf2pt1_updates
92_xprint-security-holes-fix.patch
Reply to: