Bug#840440: libxi: CVE-2016-7945 CVE-2016-7946
Source: libxi
Version: 2:1.7.4-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for libxi.
CVE-2016-7945[0]:
for all of the integer overflows
CVE-2016-7946[1]:
for all of the other mishandling of the reply data
Note there is a regression in the original fix.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7945
[1] https://security-tracker.debian.org/tracker/CVE-2016-7946
Regards,
Salvatore