[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

libx11: Changes to 'refs/tags/libx11-2_1.3.3-4+squeeze1'

Tag 'libx11-2_1.3.3-4+squeeze1' created by Julien Cristau <jcristau@debian.org> at 2013-05-21 20:59 +0000

Tagging upload of libx11 2:1.3.3-4+squeeze1 to squeeze-security.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAABCAAGBQJRm+A9AAoJEDEBgAUJBeQMewIP/jbPSFHmS8t7mq3C//3yczWO
2REVOOUu7iq29ouiRfK0ob45ySBOJgHDl8tpM/5FNAB0FEVazm+v/8rWDvqYvvPX
ccENLZa7MBD9GAxqzn9pzxKL1fK0naU37syu8K6F02SdKTwvdwb4v1Ij2PO23xtj
mxCcOv7MMaCWoAzI8OHTg88277kP8Kes0fzX6dUSLfQX3Z1LxO/mTbOLynkZd/y0
uEaAO53ZYjWrVhD2+oe7QvvoRMVzMZdtZdqQqArHvmDAOXRAz3AEDDiPx+Xpq6ay
0f9dy35j1yIFVK2ihsvxubLVV53cPuGl8iiZJJ9oeVuKSZ1mLTFg5mkHb4oTKG9a
MasiADC7DUj5K6Xf6v42Vl7ihp1GlcILwPuCFfG+qZw/EaCglb1Ssgn8ev3reLem
A2yfMotPcmkG4p/zMPyUtxHr8I7s0oQM5TTKM6kCukRJg9vJLAkRSCd9ox5JDHr9
rvSx4zhiN2zxxZE1/s5pQjBLw9vnUG3BYiKMOacmqNWD18l9X49jYR1XRhVCpjH6
7Y/8AzwuttYExpx7w3sUtFeB+3NPJqov6bPY0UdRVN2xyiml9nYAn2UsEvz6lSPe
2f3nGEN4sz0ughVqGzromvEZK/LzcabZhpFRpy7TloGYa4LvrQiPE6CUc7cqdS7x
q58w4abxeBG4F3BJ6F9c
=O94z
-----END PGP SIGNATURE-----

Changes since libx11-2_1.3.3-4:
Alan Coopersmith (38):
      Move repeated #ifdef magic to find PATH_MAX into a common header
      Add _XEatDataWords to discard a given number of 32-bit words of reply data
      integer overflow in _XQueryFont() on 32-bit platforms [CVE-2013-1981 1/13]
      integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]
      integer overflow in XListFontsWithInfo() [CVE-2013-1981 3/13]
      integer overflow in XGetMotionEvents() [CVE-2013-1981 4/13]
      integer overflow in XListHosts() [CVE-2013-1981 5/13]
      unvalidated lengths in XAllocColorCells() [CVE-2013-1997 1/15]
      unvalidated index in _XkbReadGetDeviceInfoReply() [CVE-2013-1997 2/15]
      unvalidated indexes in _XkbReadGeomShapes() [CVE-2013-1997 3/15]
      unvalidated indexes in _XkbReadGetGeometryReply() [CVE-2013-1997 4/15]
      unvalidated index in _XkbReadKeySyms() [CVE-2013-1997 5/15]
      unvalidated index in _XkbReadKeyActions() [CVE-2013-1997 6/15]
      unvalidated index in _XkbReadKeyBehaviors() [CVE-2013-1997 7/15]
      unvalidated index in _XkbReadModifierMap() [CVE-2013-1997 8/15]
      unvalidated index in _XkbReadExplicitComponents() [CVE-2013-1997 9/15]
      unvalidated index in _XkbReadVirtualModMap() [CVE-2013-1997 10/15]
      unvalidated index/length in _XkbReadGetNamesReply() [CVE-2013-1997 11/15]
      unvalidated length in _XimXGetReadData() [CVE-2013-1997 12/15]
      Integer overflows in stringSectionSize() cause buffer overflow in ReadColornameDB() [CVE-2013-1981 6/13]
      integer overflow in ReadInFile() in Xrm.c [CVE-2013-1981 7/13]
      Unbounded recursion in GetDatabase() when parsing include files [CVE-2013-2004 1/2]
      Unbounded recursion in _XimParseStringFile() when parsing include files [CVE-2013-2004 2/2]
      integer truncation in _XimParseStringFile() [CVE-2013-1981 8/13]
      ximcp: Prevent memory leak & double free if multiple %L in string
      integer overflows in TransFileName() [CVE-2013-1981 9/13]
      integer overflow in XGetWindowProperty() [CVE-2013-1981 10/13]
      integer overflow in XGetImage() [CVE-2013-1981 11/13]
      integer overflow in XGetPointerMapping() & XGetKeyboardMapping() [CVE-2013-1981 12/13]
      integer overflow in XGetModifierMapping() [CVE-2013-1981 13/13]
      Avoid overflows in XListFonts() [CVE-2013-1997 13/15]
      Avoid overflows in XGetFontPath() [CVE-2013-1997 14/15]
      Avoid overflows in XListExtensions() [CVE-2013-1997 15/15]
      Make XGetWindowProperty() always initialize returned values
      Convert more _XEatData callers to _XEatDataWords
      Use calloc in XOpenDisplay to initialize structs containing pointers
      _XkbReadGetMapReply: reject maxKeyCodes smaller than the minKeyCode
      Give GNU & Solaris Studio compilers hints about XEatData branches

Erkki Seppälä (1):
      Xrm: Handle the extremely unlikely situation of fstat failing

Julien Cristau (3):
      Hide _XEatDataWords
      Add a couple fixups for the security patches
      Upload to squeeze-security

Matthieu Herrb (1):
      XListFontsWithInfo: Re-decrement flist[0] before calling free() on it.

Nickolai Zeldovich (1):
      XListFontsWithInfo: avoid accessing realloc'ed memory

---
 debian/changelog                           |   10 ++
 debian/patches/001_hide_xeatdatawords.diff |   33 +++++++
 debian/patches/002_security_fixups.diff    |   43 ++++++++++
 debian/patches/series                      |    2 
 include/X11/Xlibint.h                      |   18 ++++
 modules/im/ximcp/Makefile.am               |    1 
 modules/im/ximcp/imLcPrs.c                 |   73 +++++++++++++----
 modules/im/ximcp/imTrX.c                   |    2 
 src/AllCells.c                             |    9 +-
 src/Font.c                                 |   77 +++++++++++-------
 src/FontInfo.c                             |  120 ++++++++++++++---------------
 src/FontNames.c                            |   35 +++++---
 src/GetAtomNm.c                            |    4 
 src/GetDflt.c                              |   25 ------
 src/GetFPath.c                             |   36 +++++---
 src/GetImage.c                             |   12 +-
 src/GetMoEv.c                              |   26 ++----
 src/GetPntMap.c                            |   31 ++++---
 src/GetProp.c                              |   33 +++++--
 src/LiHosts.c                              |   22 +++--
 src/LiICmaps.c                             |    8 -
 src/LiProps.c                              |    8 -
 src/ListExt.c                              |   36 +++++---
 src/Makefile.am                            |    1 
 src/ModMap.c                               |   13 ++-
 src/OpenDis.c                              |   15 +--
 src/QuColors.c                             |   10 +-
 src/QuTree.c                               |    8 -
 src/Xrm.c                                  |   30 +++++--
 src/XrmI.h                                 |    4 
 src/pathmax.h                              |   82 +++++++++++++++++++
 src/xcb_io.c                               |   17 ++++
 src/xcms/cmsColNm.c                        |   27 +++++-
 src/xkb/XKBExtDev.c                        |    6 +
 src/xkb/XKBGeom.c                          |   15 ++-
 src/xkb/XKBGetMap.c                        |   33 +++++++
 src/xkb/XKBNames.c                         |    2 
 src/xlibi18n/lcFile.c                      |   24 -----
 38 files changed, 648 insertions(+), 303 deletions(-)
---
Reply to: