libxfixes: Changes to 'debian-jessie'
New branch 'debian-jessie' available with the following commits:
commit dbcea9fceb885ce42bc173a31dc6c176b7820e90
Author: Julien Cristau <jcristau@debian.org>
Date: Sat Jan 7 16:30:35 2017 +0100

Upload to jessie

commit 6e43fc2771e0ac0d90525a9f6502da1a0fc7f2a2
Author: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun Sep 25 22:38:44 2016 +0200

Integer overflow on illegal server response

The 32 bit field "rep.length" is not checked for validity, which allows
an integer overflow on 32 bit systems.

A malicious server could send INT_MAX as length, which gets multiplied
by the size of XRectangle. In that case the client won't read the whole
data from server, getting out of sync.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 61c1039ee23a2d1de712843bed3480654d7ef42e)
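
The size calculation described in the second commit message, modelled as an added example (this is not the libxfixes patch or code from the project). The names rect_t, nbytes_unchecked, nbytes_checked and unread_bytes are hypothetical, uint32_t stands in for the 32-bit size type of a 32-bit system, and the count passed in is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for XRectangle: four 16-bit fields, 8 bytes in total. */
typedef struct { int16_t x, y; uint16_t width, height; } rect_t;
_Static_assert(sizeof(rect_t) == 8, "model assumes an 8-byte rectangle");

/* Unchecked: the product is computed in 32-bit arithmetic and wraps. */
static uint32_t nbytes_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(rect_t);
}

/* Checked: reject any count whose byte size does not fit in 32 bits.
 * Returns 0 and stores the size on success, -1 on a bad length. */
static int nbytes_checked(uint32_t count, uint32_t *out)
{
    if (count > UINT32_MAX / (uint32_t)sizeof(rect_t))
        return -1;
    *out = count * (uint32_t)sizeof(rect_t);
    return 0;
}

/* Bytes the peer announced that the wrapped size would leave unread:
 * the gap that puts a reader out of sync with the stream. */
static uint64_t unread_bytes(uint32_t count)
{
    return (uint64_t)count * sizeof(rect_t) - nbytes_unchecked(count);
}

int main(void)
{
    uint32_t count = 0x7FFFFFFFu;   /* constructed: INT_MAX as length */
    uint32_t n = 0;

    printf("wrapped size : 0x%08x\n", (unsigned)nbytes_unchecked(count));
    printf("left unread  : %llu bytes\n",
           (unsigned long long)unread_bytes(count));
    printf("checked      : %s\n",
           nbytes_checked(count, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```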