Bug#906012: libxcursor: CVE-2015-9262

To: Chris Lamb <lamby@debian.org>
Cc: 906012@bugs.debian.org, team@security.debian.org
Subject: Bug#906012: libxcursor: CVE-2015-9262
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 13 Aug 2018 13:41:27 +0200
Message-id: <[🔎] 20180813114127.6iqkdfdow3fj7dfd@inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 906012@bugs.debian.org
In-reply-to: <[🔎] 1534144707.3108693.1472097392.3679B041@webmail.messagingengine.com>
References: <[🔎] 1534144707.3108693.1472097392.3679B041@webmail.messagingengine.com> <[🔎] 1534144288.3106836.1472094864.6CCC8480@webmail.messagingengine.com>

On Mon, Aug 13, 2018 at 08:18:27AM +0100, Chris Lamb wrote:
> Hi security team,
> 
> > libxcursor: CVE-2015-9262
> 
> I have prepared an update for stretch:
> 
>   libxcursor (1:1.1.14-1+deb9u2) stretch-security; urgency=high
> 
>    * Non-maintainer upload by the Security Team.
>    * Fix a denial of service or potentially code execution via
>      a one-byte heap overflow. (CVE-2015-9262) Closes: #906012)
> 
>   -- Chris Lamb <lamby@debian.org>  Mon, 13 Aug 2018 09:09:13 +0200
> 
> 
> Full debdiff attached. Permission to upload to stretch-security?

Looks fine, please upload to security-master.

Cheers,
        Moritz

Reply to:

References:
- Bug#906012: libxcursor: CVE-2015-9262
  - From: Chris Lamb <lamby@debian.org>
- Bug#906012: libxcursor: CVE-2015-9262
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Bug#906023: xserver-xorg-video-intel: RGB color range not restored after DPMS off
Next by Date: Bug#906031: xserver-xorg-core: Wrong path for GLX module with nvidia proprietary driver and xorg 1.20
Previous by thread: Bug#906012: marked as done (libxcursor: CVE-2015-9262)
Next by thread: Bug#906012: libxcursor: CVE-2015-9262
Index(es):
- Date
- Thread