xserver-xorg-video-openchrome: Changes to 'debian-wheezy'
New branch 'debian-wheezy' available with the following commits:
commit 765b2c40e49320e4dd6925d4bad468a00f4b7560
Author: Julien Cristau <jcristau@debian.org>
Date: Wed May 15 20:54:35 2013 +0200
Upload to wheezy-security
commit 2ed7fd157e739dedeb72afe11ce1e5c3681a06f0
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 20:57:07 2013 -0700
integer overflow in uniDRIGetClientDriverName() in libchromeXvMC* [CVE-2013-1994 2/2]
clientDriverNameLength is a CARD32 and needs to be bounds checked before
adding one to it to come up with the total size to allocate, to avoid
integer overflow leading to underallocation and writing data from the
network past the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
commit 900f80af69e8d290acee686666fdb70732a8a3d8
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 20:49:43 2013 -0700
integer overflow in uniDRIOpenConnection() in libchromeXvMC* [CVE-2013-1994 1/2]
busIdStringLength is a CARD32 and needs to be bounds checked before adding
one to it to come up with the total size to allocate, to avoid integer
overflow leading to underallocation and writing data from the network past
the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reply to: