Bug#906012: libxcursor: CVE-2015-9262

To: 906012@bugs.debian.org
Cc: team@security.debian.org
Subject: Bug#906012: libxcursor: CVE-2015-9262
From: Chris Lamb <lamby@debian.org>
Date: Mon, 13 Aug 2018 08:18:27 +0100
Message-id: <[🔎] 1534144707.3108693.1472097392.3679B041@webmail.messagingengine.com>
Reply-to: Chris Lamb <lamby@debian.org>, 906012@bugs.debian.org
References: <[🔎] 1534144288.3106836.1472094864.6CCC8480@webmail.messagingengine.com>

Hi security team,

> libxcursor: CVE-2015-9262

I have prepared an update for stretch:

  libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high

   * Non-maintainer upload by the Security Team.
   * Fix a denial of service or potentially code execution via
     a one-byte heap overflow. (CVE-2015-9262) Closes: #906012)

  -- Chris Lamb <lamby@debian.org>  Mon, 13 Aug 2018 09:09:13 +0200


Full debdiff attached. Permission to upload to stretch-security?


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

diffstat for libxcursor_1.1.14-1+deb9u1 libxcursor_1.1.14-1+deb9u2

 debian/patches/CVE-2015-9262.patch      |   23 +++++++++++++++++++++++
 libxcursor-1.1.14/debian/changelog      |    8 ++++++++
 libxcursor-1.1.14/debian/patches/series |    1 +
 3 files changed, 32 insertions(+)

diff -u libxcursor-1.1.14/debian/changelog libxcursor-1.1.14/debian/changelog
--- libxcursor-1.1.14/debian/changelog
+++ libxcursor-1.1.14/debian/changelog
@@ -1,3 +1,11 @@
+libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix a denial of service or potentially code execution via
+    a one-byte heap overflow. (CVE-2015-9262) Closes: #906012)
+
+ -- Chris Lamb <lamby@debian.org>  Mon, 13 Aug 2018 09:09:13 +0200
+
 libxcursor (1:1.1.14-1+deb9u1) stretch-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -u libxcursor-1.1.14/debian/patches/series libxcursor-1.1.14/debian/patches/series
--- libxcursor-1.1.14/debian/patches/series
+++ libxcursor-1.1.14/debian/patches/series
@@ -1 +1,2 @@
+CVE-2015-9262.patch
 Fix-heap-overflows-when-parsing-malicious-files.-CVE.patch
only in patch2:
unchanged:
--- libxcursor-1.1.14.orig/debian/patches/CVE-2015-9262.patch
+++ libxcursor-1.1.14/debian/patches/CVE-2015-9262.patch
@@ -0,0 +1,23 @@
+commit 897213f36baf6926daf6d192c709cf627aa5fd05
+Author: shubham shrivastav <shubham.sh@samsung.com>
+Date:   Fri Jun 5 13:36:22 2015 -0700
+
+    Insufficient memory for terminating null of string in _XcursorThemeInherits
+
+    Fix does one byte of memory allocation for null termination of string.
+    https://bugs.freedesktop.org/show_bug.cgi?id=90857
+
+    Reviewed-by: Keith Packard <keithp@keithp.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+--- libxcursor-1.1.14.orig/src/library.c
++++ libxcursor-1.1.14/src/library.c
+@@ -180,7 +180,7 @@ _XcursorThemeInherits (const char *full)
+ 		if (*l != '=') continue;
+ 		l++;
+ 		while (*l == ' ') l++;
+-		result = malloc (strlen (l));
++		result = malloc (strlen (l) + 1);
+ 		if (result)
+ 		{
+ 		    r = result;

Reply to:

References:
- Bug#906012: libxcursor: CVE-2015-9262
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Bug#906012: libxcursor: CVE-2015-9262
Next by Date: Bug#906012: marked as done (libxcursor: CVE-2015-9262)
Previous by thread: Bug#906012: libxcursor: CVE-2015-9262
Next by thread: Bug#906012: marked as done (libxcursor: CVE-2015-9262)
Index(es):
- Date
- Thread