
xorg-server: Changes to 'debian-unstable'



 debian/changelog                     |    8 +++++++
 debian/patches/45_CVE-2007-2437.diff |   37 +++++++++++++++++++++++++++++++++++
 debian/patches/series                |    1 
 3 files changed, 46 insertions(+)

New commits:
commit e9518783b6bb4f1d043a8124845ea13cae06c57c
Author: Julien Cristau <jcristau@debian.org>
Date:   Wed May 9 02:19:24 2007 +0200

    Add fix for CVE-2007-2437.
    
    Cherry-pick patch from upstream git to fix security issue in the Xrender
    extension: malicious clients can cause a division by zero in the server
    (closes: #422936). Reference: CVE-2007-2437. Thanks, Micah Anderson!

diff --git a/debian/changelog b/debian/changelog
index 392b61d..63eb057 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xorg-server (2:1.3.0.0.dfsg-4) unstable; urgency=low
+
+  * Cherry-pick patch from upstream git to fix security issue in the Xrender
+    extension: malicious clients can cause a division by zero in the server
+    (closes: #422936). Reference: CVE-2007-2437. Thanks, Micah Anderson!
+
+ -- Julien Cristau <jcristau@debian.org>  Wed, 09 May 2007 02:11:08 +0200
+
 xorg-server (2:1.3.0.0.dfsg-3) unstable; urgency=low
 
   * Include 94_use_default_font_path.diff. This patch is like Eugene's patch
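Review bot: the new 2:1.3.0.0.dfsg-4 entry is uploaded with urgency=low although its only change is described as a security issue with a CVE reference. Consider raising the urgency (for example urgency=high) so the fix is not held back by the longest migration delay. It would also help to name the patch file, 45_CVE-2007-2437.diff, in the entry so the changelog line can be matched to debian/patches/series.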
diff --git a/debian/patches/45_CVE-2007-2437.diff b/debian/patches/45_CVE-2007-2437.diff
new file mode 100644
index 0000000..17699e0
--- /dev/null
+++ b/debian/patches/45_CVE-2007-2437.diff
@@ -0,0 +1,37 @@
+From 71fc5b3e9309182978ead676965d65ca93a4e3b9 Mon Sep 17 00:00:00 2001
+From: Keith Packard <keithp@keithp.com>
+Date: Wed, 2 May 2007 11:41:11 +0200
+Subject: [PATCH] Fix for a divide by zero that can be triggered by a malicious client.
+
+Problem reported by Derek Abdine of rapid7.com. Thanks.
+---
+ fb/fbtrap.c         |    3 +++
+ render/renderedge.c |    1 +
+ 2 files changed, 4 insertions(+), 0 deletions(-)
+
+Index: xorg-server/fb/fbtrap.c
+===================================================================
+--- xorg-server.orig/fb/fbtrap.c	2007-05-09 02:16:04.000000000 +0200
++++ xorg-server/fb/fbtrap.c	2007-05-09 02:27:10.000000000 +0200
+@@ -115,6 +115,9 @@
+     RenderEdge	l, r;
+     xFixed	t, b;
+     
++    if (!xTrapezoidValid (trap))
++	return;
++
+     fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff);
+ 
+     width = pPicture->pDrawable->width;
+Index: xorg-server/render/renderedge.c
+===================================================================
+--- xorg-server.orig/render/renderedge.c	2007-05-09 02:16:04.000000000 +0200
++++ xorg-server/render/renderedge.c	2007-05-09 02:27:10.000000000 +0200
+@@ -143,6 +143,7 @@
+     dx = x_bot - x_top;
+     dy = y_bot - y_top;
+     e->dy = dy;
++    e->dx = 0;
+     if (dy)
+     {
+ 	if (dx >= 0)
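Review bot: neither added guard says which division it protects. In fb/fbtrap.c the `xTrapezoidValid (trap)` check returns before `fbGetDrawable` with no comment, and in render/renderedge.c `e->dx = 0;` is set ahead of `if (dy)` with no explanation. The patch header only says "divide by zero that can be triggered by a malicious client". A one-line comment at each site (invalid trapezoids from the client are dropped; dx must be defined when dy is zero) would make the intent clear to whoever refreshes this patch against a later upstream. The silent `return;` in fbtrap.c also means a rejected trapezoid leaves no trace; if the surrounding code has a debug log facility, a message there would help when diagnosing misbehaving clients.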
diff --git a/debian/patches/series b/debian/patches/series
index 12f3434..e5b2a45 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,6 +16,7 @@
 34_xorg.conf_man_typos.patch
 39_alpha_build_flags.patch -p0
 44_fedora-xephyr-keysym-madness.diff
+45_CVE-2007-2437.diff
 91_ttf2pt1
 91_ttf2pt1_updates
 92_xprint-security-holes-fix.patch


