libxv: Changes to 'debian-jessie'

To: debian-x@lists.debian.org
Subject: libxv: Changes to 'debian-jessie'
From: Julien Cristau <jcristau@moszumanska.debian.org>
Date: Sat, 09 Sep 2017 11:29:29 +0000
Message-id: <[🔎] E1dqdx3-00068r-1z@moszumanska.debian.org>

New branch 'debian-jessie' available with the following commits:
commit e168a1f090cde69fe93d378abc5cebd9412c49d8
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Jan 7 16:38:57 2017 +0100

    Upload to jessie

commit ef38afdfe0cfc499596301667654f38881c16dd4
Author: Tobias Stoeckmann <tobias@stoeckmann.org>
Date:   Sun Sep 25 21:30:03 2016 +0200

    Protocol handling issues in libXv - CVE-2016-5407
    
    The Xv query functions for adaptors and encodings suffer from out of
    boundary accesses if a hostile X server sends a maliciously crafted
    response.
    
    A previous fix already checks the received length against fixed values
    but ignores additional length specifications which are stored inside
    the received data.
    
    These lengths are accessed in a for-loop. The easiest way to guarantee
    a correct processing is by validating all lengths against the
    remaining size left before accessing referenced memory.
    
    This makes the previously applied check obsolete, therefore I removed
    it.
    
    Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit d9da580b46a28ab497de2e94fdc7b9ff953dab17)

Reply to:

Prev by Date: Processing of libx11_1.6.2-3+deb8u1_amd64.changes
Next by Date: libxv: Changes to 'refs/tags/libxv-2_1.0.10-1+deb8u1'
Previous by thread: Processing of libx11_1.6.2-3+deb8u1_amd64.changes
Next by thread: libxv: Changes to 'refs/tags/libxv-2_1.0.10-1+deb8u1'
Index(es):
- Date
- Thread