libxvmc: Changes to 'debian-wheezy'
debian/changelog | 6 ++++++
src/XvMC.c | 6 +++---
2 files changed, 9 insertions(+), 3 deletions(-)
New commits:
commit 9434b7e61ddc32385033b99cc17a8f70f64fab94
Author: Julien Cristau <jcristau@debian.org>
Date: Fri May 24 07:51:02 2013 +0200
Upload to wheezy-security
diff --git a/debian/changelog b/debian/changelog
index 3be8bb2..6cb788e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libxvmc (2:1.0.7-1+deb7u2) wheezy-security; urgency=high
+
+ * Fix regression in CVE-2013-1999 fix. Thanks to Dave Airlie and Al Viro.
+
+ -- Julien Cristau <jcristau@debian.org> Fri, 24 May 2013 07:50:50 +0200
+
libxvmc (2:1.0.7-1+deb7u1) wheezy-security; urgency=high
* integer overflows calculating memory needs for replies [CVE-2013-1990]
commit 748902f2ea5df723d238a0accdfd66cb77161725
Author: Dave Airlie <airlied@redhat.com>
Date: Fri May 24 14:47:30 2013 +1000
Multiple unvalidated patches in CVE-2013-1999
Al Viro pointed out that Debian started segfaulting in Xine for him,
Reported-by: Al Viro
Signed-off-by: Dave Airlie <airlied@redhat.com>
(cherry picked from commit 8c164524d229adb6141fdac8336b3823e7fe1a5d)
diff --git a/src/XvMC.c b/src/XvMC.c
index cb42487..74c8b85 100644
--- a/src/XvMC.c
+++ b/src/XvMC.c
@@ -585,15 +585,15 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port,
if (*name && *busID && tmpBuf) {
_XRead(dpy, tmpBuf, realSize);
strncpy(*name,tmpBuf,rep.nameLen);
- name[rep.nameLen - 1] = '\0';
+ (*name)[rep.nameLen - 1] = '\0';
strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen);
- busID[rep.busIDLen - 1] = '\0';
+ (*busID)[rep.busIDLen - 1] = '\0';
XFree(tmpBuf);
} else {
XFree(*name);
*name = NULL;
XFree(*busID);
- *name = NULL;
+ *busID = NULL;
XFree(tmpBuf);
_XEatDataWords(dpy, rep.length);
Reply to: