
libxtst: Changes to 'debian-wheezy'



New branch 'debian-wheezy' available with the following commits:
commit 288326f60ffb199b80ce04bcbd660d29ecd59e64
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue May 14 20:13:08 2013 +0200

    Upload to wheezy-security

commit b10c9b6464f946e25903b4b685de67ad4f1e7ede
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Apr 13 11:27:26 2013 -0700

    integer overflow in XRecordGetContext() [CVE-2013-2063]
    
    The nclients and nranges members of the reply are both CARD32 and need
    to be bounds checked before multiplying by the size of the structs to
    avoid integer overflow leading to underallocation and writing data from
    the network past the end of the allocated buffer.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Signed-off-by: Julien Cristau <jcristau@debian.org>

commit a99dc41bfcd46ff404d654616b4e3e97ac1d71a4
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Apr 13 11:05:27 2013 -0700

    Use _XEatDataWords to eat data in error cases
    
    Avoids having to do calculations based on response contents
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Signed-off-by: Julien Cristau <jcristau@debian.org>
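
The bounds check described in the CVE-2013-2063 commit message above, as an added example that is not libXtst's code: the record sizes, the INT_MAX cap and all function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed per-record sizes in bytes; hypothetical, not libXtst's structs. */
#define CLIENT_REC_SIZE 16u
#define RANGE_REC_SIZE  24u

/* Bug class: 32-bit arithmetic on reply-supplied counts wraps silently. */
uint32_t alloc_size_unchecked(uint32_t nclients, uint32_t nranges)
{
    return nclients * CLIENT_REC_SIZE + nranges * RANGE_REC_SIZE;
}

/* Checked form: compare each count against the remaining budget by
 * division, before multiplying. Returns 0 and sets *out, or -1. */
int alloc_size_checked(uint32_t nclients, uint32_t nranges, size_t *out)
{
    const size_t limit = INT_MAX;   /* assumed upper bound on one reply */
    size_t client_bytes;

    if (nclients > limit / CLIENT_REC_SIZE)
        return -1;
    client_bytes = (size_t)nclients * CLIENT_REC_SIZE;
    if (nranges > (limit - client_bytes) / RANGE_REC_SIZE)
        return -1;
    *out = client_bytes + (size_t)nranges * RANGE_REC_SIZE;
    return 0;
}

/* Allocate only after the counts pass; NULL means reject the reply. */
void *alloc_reply_buffer(uint32_t nclients, uint32_t nranges)
{
    size_t total;

    if (alloc_size_checked(nclients, nranges, &total) != 0 || total == 0)
        return NULL;
    return calloc(1, total);
}

int main(void)
{
    /* Constructed counts: 0x10000001 * 16 wraps to 16 in 32 bits. */
    printf("unchecked: %u bytes\n", (unsigned)alloc_size_unchecked(0x10000001u, 0));
    printf("checked accepts: %d\n", alloc_reply_buffer(0x10000001u, 0) != NULL);
    return 0;
}
```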

