Bug#840440: libxi: CVE-2016-7945 CVE-2016-7946

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#840440: libxi: CVE-2016-7945 CVE-2016-7946
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 11 Oct 2016 17:38:48 +0200
Message-id: <[🔎] 147620032875.13494.17337545528489318328.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 840440@bugs.debian.org

Source: libxi
Version: 2:1.7.4-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for libxi.

CVE-2016-7945[0]:
or all of the integer overflows

CVE-2016-7946[1]:
for all of the other mishandling of the reply data

Note there is an regression in the original fix.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7945
[1] https://security-tracker.debian.org/tracker/CVE-2016-7946

Regards,
Salvatore

Reply to:

Prev by Date: Bug#840439: libx11: CVE-2016-7942 CVE-2016-7943
Next by Date: Bug#840441: libxrandr: CVE-2016-7947 CVE-2016-7948
Previous by thread: Bug#840439: libx11: CVE-2016-7942 CVE-2016-7943
Next by thread: Bug#840441: libxrandr: CVE-2016-7947 CVE-2016-7948
Index(es):
- Date
- Thread