Bug#840441: libxrandr: CVE-2016-7947 CVE-2016-7948

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#840441: libxrandr: CVE-2016-7947 CVE-2016-7948
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 11 Oct 2016 17:43:22 +0200
Message-id: <[🔎] 147620060217.14290.5357964990399134754.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 840441@bugs.debian.org

Source: libxrandr
Version: 2:1.4.2-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for libxrandr.

CVE-2016-7947[0]:
for all of the integer overflows

CVE-2016-7948[1]:
for all of the other mishandling of the reply data

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7947
[1] https://security-tracker.debian.org/tracker/CVE-2016-7948

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Prev by Date: Bug#840440: libxi: CVE-2016-7945 CVE-2016-7946
Next by Date: Bug#840442: libxfixes: CVE-2016-7944
Previous by thread: Bug#840440: libxi: CVE-2016-7945 CVE-2016-7946
Next by thread: Bug#840442: libxfixes: CVE-2016-7944
Index(es):
- Date
- Thread