
libxfixes: Changes to 'debian-wheezy'



New branch 'debian-wheezy' available with the following commits:
commit c81e603e72452e1ce6e552d3b233dc000aa7386a
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue May 14 10:15:00 2013 +0200

    Upload to wheezy-security

commit c232971c7a1962cd7e0d46c38af6d237f568e69d
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Apr 13 10:24:08 2013 -0700

    integer overflow in XFixesGetCursorImage() [CVE-2013-1983]
    
    If the reported cursor dimensions or name length are too large, the
    calculations to allocate memory for them may overflow, leaving us
    writing beyond the bounds of the allocation.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Signed-off-by: Julien Cristau <jcristau@debian.org>

commit 0ffaf2df79d9977d091f9b427baa8fb9bdc8ef42
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Apr 13 10:20:59 2013 -0700

    Use _XEatDataWords to avoid overflow of _XEatData calculations
    
    rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Signed-off-by: Julien Cristau <jcristau@debian.org>
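
The two overflow classes named in the commit messages above, shown as an added example (not code from libXfixes or from these commits): a 32-bit "length << 2" that wraps, and an allocation size built from reply-supplied dimensions and a name length. The function names, the uint32_t model of a 32-bit size_t, and the buffer layout (pixels followed by a NUL-terminated name) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a 32-bit build: sizes are computed in uint32_t. */

/* Unchecked words-to-bytes conversion: wraps once words >= 2^30. */
uint32_t words_to_bytes_unchecked(uint32_t words) {
    return words << 2;
}

/* Checked conversion: 0 on success, -1 if the byte count does not fit. */
int words_to_bytes_checked(uint32_t words, uint32_t *bytes) {
    if (words > (UINT32_MAX >> 2))
        return -1;
    *bytes = words << 2;
    return 0;
}

/* Hypothetical layout: width*height pixels of pixel_size bytes, then name + NUL. */
int cursor_alloc_size(uint32_t width, uint32_t height, uint32_t name_len,
                      uint32_t pixel_size, uint32_t *out) {
    uint32_t npixels, total;
    if (pixel_size == 0)
        return -1;
    if (height != 0 && width > UINT32_MAX / height)
        return -1;                      /* width * height would wrap */
    npixels = width * height;
    if (npixels > UINT32_MAX / pixel_size)
        return -1;                      /* pixel array size would wrap */
    total = npixels * pixel_size;
    if (name_len == UINT32_MAX || total > UINT32_MAX - 1 - name_len)
        return -1;                      /* adding name + NUL would wrap */
    *out = total + name_len + 1;
    return 0;
}

int main(void) {
    uint32_t n = 0;
    /* 0x40000001 words is over 4 GiB of data, yet the shift reports 4 bytes. */
    printf("unchecked: %u\n", (unsigned)words_to_bytes_unchecked(0x40000001u));
    printf("32x32 cursor: rc=%d\n", cursor_alloc_size(32, 32, 7, 4, &n));
    printf("bytes=%u\n", (unsigned)n);
    printf("65536x65536 cursor: rc=%d\n", cursor_alloc_size(0x10000, 0x10000, 0, 4, &n));
    return 0;
}
```

A caller that receives -1 should discard the rest of the reply and fail the request rather than allocate.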

