xorg-server: Changes to 'debian-squeeze'

To: debian-x@lists.debian.org
Subject: xorg-server: Changes to 'debian-squeeze'
From: Julien Cristau <jcristau@moszumanska.debian.org>
Date: Mon, 02 Dec 2013 10:41:18 +0000
Message-id: <[🔎] E1VnQwI-0007Cj-L1@moszumanska.debian.org>

 debian/changelog                     |    6 ++++
 debian/patches/24-CVE-2013-4396.diff |   44 +++++++++++++++++++++++++++++++++++
 debian/patches/series                |    1 
 3 files changed, 51 insertions(+)

New commits:
commit 4e7ebd354051c41a817ff7b23da3400936ce90e5
Author: Moritz Muehlenhoff <jmm@debian.org>
Date:   Tue Oct 22 00:13:44 2013 +0000

    CVE-2013-4396

diff --git a/debian/changelog b/debian/changelog
index 0483e45..6efa612 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xorg-server (2:1.7.7-17) squeeze-security; urgency=low
+
+  * CVE-2013-4396
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Tue, 22 Oct 2013 00:13:44 +0000
+
 xorg-server (2:1.7.7-16) squeeze-security; urgency=high
 
   * xfree86: fix flush input to work with Linux evdev devices.  Avoids
diff --git a/debian/patches/24-CVE-2013-4396.diff b/debian/patches/24-CVE-2013-4396.diff
new file mode 100644
index 0000000..cc709ea
--- /dev/null
+++ b/debian/patches/24-CVE-2013-4396.diff
@@ -0,0 +1,44 @@
+diff -aur xorg-server-1.7.7.orig/dix/dixfonts.c xorg-server-1.7.7/dix/dixfonts.c
+--- xorg-server-1.7.7.orig/dix/dixfonts.c	2010-05-04 02:47:57.000000000 +0200
++++ xorg-server-1.7.7/dix/dixfonts.c	2013-10-04 13:09:22.000000000 +0200
+@@ -1508,6 +1508,7 @@
+ 	    GC *pGC;
+ 	    unsigned char *data;
+ 	    ITclosurePtr new_closure;
++	    ITclosurePtr old_closure;
+ 
+ 	    /* We're putting the client to sleep.  We need to
+ 	       save some state.  Similar problem to that handled
+@@ -1520,6 +1521,7 @@
+ 		err = BadAlloc;
+ 		goto bail;
+ 	    }
++            old_closure = c;
+ 	    *new_closure = *c;
+ 	    c = new_closure;
+ 
+@@ -1527,6 +1529,7 @@
+ 	    if (!data)
+ 	    {
+ 		xfree(c);
++                c = old_closure;
+ 		err = BadAlloc;
+ 		goto bail;
+ 	    }
+@@ -1538,6 +1541,7 @@
+ 	    {
+ 		xfree(c->data);
+ 		xfree(c);
++                c = old_closure;
+ 		err = BadAlloc;
+ 		goto bail;
+ 	    }
+@@ -1551,6 +1555,7 @@
+ 		FreeScratchGC(pGC);
+ 		xfree(c->data);
+ 		xfree(c);
++                c = old_closure;
+ 		err = BadAlloc;
+ 		goto bail;
+ 	    }
+Nur in xorg-server-1.7.7/dix: dixfonts.c~.
diff --git a/debian/patches/series b/debian/patches/series
index 4e3310f..833b3ce 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,3 +22,4 @@
 21-device-mode-list.diff
 22-stop-searching-for-xf86config-files
 23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff
+24-CVE-2013-4396.diff
\ No newline at end of file

Reply to:

Prev by Date: libxshmfence: Changes to 'debian-unstable'
Next by Date: libxshmfence: Changes to 'debian-unstable'
Previous by thread: libxshmfence: Changes to 'debian-unstable'
Next by thread: xorg-server: Changes to 'debian-squeeze'
Index(es):
- Date
- Thread