xorg-server: Changes to 'refs/tags/xorg-server-2_1.12.4-6+deb7u8'
Tag 'xorg-server-2_1.12.4-6+deb7u8' created by Emilio Pozuelo Monfort <pochu@debian.org> at 2017-11-22 23:39 +0000
Tagging upload of xorg-server 2:1.12.4-6+deb7u8 to wheezy-security.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAloWCq0ACgkQnUbEiOQ2
gwJ/Tg/+IkIHykrWW1zguvHsXYK99jGt9HEGPcrrwxqgnJPYWyOyZGbCJbC7iWWn
rLfSIrrzgaTHTsoBBGFeM973X+aZwsLEEbxSiV+J/b7N2Cx2mejiPyZjgxxNDUvf
vlVy/vrxhJsyNz8E5GQ1h6Y8y47FVTkeJTbbFNZKJT2TezRFjfl8O/JUsHWE7vLs
a22S/imcyWs5K3/TnQkPGeAnT5GchvCsQ2Kh3u/I5P9ZNLvz4Bd/mp/Fv0I44+Xw
OCsnGRAWgySlKSrs1g7Jx7Hi/UwHdFCIeGP9KFWLK4L/oChlLrPxzYxYYxWOpCO+
BEbxMCi+D6BusurSxxHtD8bflk1vxrvVoYf/eYO6WGsYFDgKC0fT0bWIvW5HQf4J
iiV13x7GkkQRyWHw/cVxpyeNcXyvkjsIIWzj+fTxhZkevB78Ih59udKa9FI1fRR3
HoW4pzUCIA/zgqX07XkkLvtrIPw5b6IyThDOL0vMWFcAQUeYkICP9n39+V9KpjFg
C0RjAcbLzV/EckCdYHxdnsmZs7e/cFBxU141Sag89DeUdHxldabevJGXjYZ8269j
Zd2Vue/mDgnTZIc6HT+VvZMCTIi1edsNiCwDZRFu/Z5drqWZtCsNab4YvX4Rxk9L
nt3q1PYQ3EhyQsDfS5JM/XQvarmXqdtVinltgOG/ofc9EzRPtVg=
=0KVx
-----END PGP SIGNATURE-----
Changes since xorg-server-2_1.12.4-6+deb7u2:
Emilio Pozuelo Monfort (4):
Import deb7u3..deb7u7
Patches for CVE-2017-12178 and CVE-2017-12177
Update changelog
Release to wheezy-security
Keith Packard (1):
xkb: Handle xkb formated string output safely (CVE-2017-13723)
Matthieu Herrb (1):
Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES CVE-2017-2624
Michal Srb (2):
os: Make sure big requests have sufficient length.
xkb: Escape non-printable characters correctly.
Nathan Kidd (4):
Unvalidated lengths
xfixes: unvalidated lengths (CVE-2017-12183)
hw/xfree86: unvalidated lengths
Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
Tobias Stoeckmann (1):
render: Fix out of boundary heap access
---
Xext/panoramiX.c | 3
Xext/saver.c | 2
Xext/xvdisp.c | 4
configure.ac | 2
debian/changelog | 61
debian/patches/0001-Xi-Silence-some-tautological-warnings.patch | 49
debian/patches/0002-Xi-fix-wrong-extra-length-check-in-ProcXIChangeHiera.patch | 33
debian/patches/0003-dbe-Unvalidated-variable-length-request-in-ProcDbeGe.patch | 45
debian/patches/16_CVE-2014-mult.diff | 3387 ++++++++++
debian/patches/17_CVE-regressions.diff | 26
debian/patches/CVE-2017-10971.patch | 91
debian/patches/CVE-2017-10972.patch | 31
debian/patches/dix-Allow-zero-height-PutImage-requests.diff | 31
debian/patches/series | 10
debian/patches/xkb-Check-strings-length-against-request-size.diff | 136
debian/patches/xkb-Dont-swap-XkbSetGeometry-data-in-the-input-buffer.diff | 101
dix/dispatch.c | 7
hw/dmx/dmxpict.c | 2
hw/xfree86/dixmods/extmod/xf86vmode.c | 129
hw/xfree86/dri/xf86dri.c | 1
hw/xquartz/pseudoramiX.c | 3
include/dix-config.h.in | 3
include/os.h | 5
os/io.c | 5
os/mitauth.c | 2
os/timingsafe_memcmp.c | 45
render/render.c | 7
xfixes/cursor.c | 5
xfixes/region.c | 3
xfixes/saveset.c | 1
xfixes/xfixes.c | 1
xkb/xkbtext.c | 42
32 files changed, 4185 insertions(+), 88 deletions(-)
---
Reply to: