[Git][xorg-team/xserver/xorg-server][debian-buster] 2 commits: Fix XChangeFeedbackControl() request underflow

["Julien Cristau (@jcristau)" <jcristau@debian.org>]

Title: GitLab

Julien Cristau pushed to branch debian-buster at X Strike Force / xserver / xorg-server

Commits:

• dda3978c
  by Matthieu Herrb at 2021-04-19T11:30:24+02:00

  Fix XChangeFeedbackControl() request underflow
  
  CVE-2021-3472 / ZDI-CAN-1259
  
  This vulnerability was discovered by:
  Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
  
  Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
  (cherry picked from commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd)
  

• a34193d5
  by Julien Cristau at 2021-04-19T11:34:48+02:00

  Upload to stable-security
  

2 changed files:

• Xi/chgfctl.c
• debian/changelog

Changes:

Xi/chgfctl.c

---

...	...	@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
464	464	break;
465	465	case StringFeedbackClass:
466	466	{
467		- xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
	467	+ xStringFeedbackCtl *f;
468	468
	469	+ REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
	470	+ sizeof(xStringFeedbackCtl));
	471	+ f = ((xStringFeedbackCtl *) &stuff[1]);
469	472	if (client->swapped) {
470	473	if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
471	474	return BadLength;

debian/changelog

---

	1	+xorg-server (2:1.20.4-1+deb10u3) buster-security; urgency=high
	2	+
	3	+ * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472)
	4	+
	5	+ -- Julien Cristau <jcristau@debian.org> Mon, 19 Apr 2021 11:34:38 +0200
	6	+
1	7	xorg-server (2:1.20.4-1+deb10u2) buster-security; urgency=medium
2	8
3	9	* CVE-2020-14360 CVE-2020-25712

—
View it on GitLab.
You're receiving this email because of your account on salsa.debian.org. If you'd like to receive fewer emails, you can adjust your notification settings.