xorg-server: Changes to 'debian-squeeze'
debian/changelog | 6 ++++
debian/patches/24-CVE-2013-4396.diff | 44 +++++++++++++++++++++++++++++++++++
debian/patches/series | 1
3 files changed, 51 insertions(+)
New commits:
commit 4e7ebd354051c41a817ff7b23da3400936ce90e5
Author: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue Oct 22 00:13:44 2013 +0000
CVE-2013-4396
diff --git a/debian/changelog b/debian/changelog
index 0483e45..6efa612 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xorg-server (2:1.7.7-17) squeeze-security; urgency=low
+
+ * CVE-2013-4396
+
+ -- Moritz Muehlenhoff <jmm@debian.org> Tue, 22 Oct 2013 00:13:44 +0000
+
xorg-server (2:1.7.7-16) squeeze-security; urgency=high
* xfree86: fix flush input to work with Linux evdev devices. Avoids
diff --git a/debian/patches/24-CVE-2013-4396.diff b/debian/patches/24-CVE-2013-4396.diff
new file mode 100644
index 0000000..cc709ea
--- /dev/null
+++ b/debian/patches/24-CVE-2013-4396.diff
@@ -0,0 +1,44 @@
+diff -aur xorg-server-1.7.7.orig/dix/dixfonts.c xorg-server-1.7.7/dix/dixfonts.c
+--- xorg-server-1.7.7.orig/dix/dixfonts.c 2010-05-04 02:47:57.000000000 +0200
++++ xorg-server-1.7.7/dix/dixfonts.c 2013-10-04 13:09:22.000000000 +0200
+@@ -1508,6 +1508,7 @@
+ GC *pGC;
+ unsigned char *data;
+ ITclosurePtr new_closure;
++ ITclosurePtr old_closure;
+
+ /* We're putting the client to sleep. We need to
+ save some state. Similar problem to that handled
+@@ -1520,6 +1521,7 @@
+ err = BadAlloc;
+ goto bail;
+ }
++ old_closure = c;
+ *new_closure = *c;
+ c = new_closure;
+
+@@ -1527,6 +1529,7 @@
+ if (!data)
+ {
+ xfree(c);
++ c = old_closure;
+ err = BadAlloc;
+ goto bail;
+ }
+@@ -1538,6 +1541,7 @@
+ {
+ xfree(c->data);
+ xfree(c);
++ c = old_closure;
+ err = BadAlloc;
+ goto bail;
+ }
+@@ -1551,6 +1555,7 @@
+ FreeScratchGC(pGC);
+ xfree(c->data);
+ xfree(c);
++ c = old_closure;
+ err = BadAlloc;
+ goto bail;
+ }
+Nur in xorg-server-1.7.7/dix: dixfonts.c~.
diff --git a/debian/patches/series b/debian/patches/series
index 4e3310f..833b3ce 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,3 +22,4 @@
21-device-mode-list.diff
22-stop-searching-for-xf86config-files
23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff
+24-CVE-2013-4396.diff
\ No newline at end of file
Reply to: