
List:       freedesktop-xorg
Subject:    [ANNOUNCE] libXi 1.7.1.901
From:       Peter Hutterer <peter.hutterer () who-t ! net>
Date:       2013-06-26 22:53:56
Message-ID: 20130626225356.GA7063 () yabbi ! redhat ! com

First and likely only RC for libXi 1.7.2. This one has a bunch of changes
for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various
integer overflows and other corruption that happens if we trust the server
a bit too much on the data we're being sent.

On top of those fixes, the sequence number in XI2 events is now set
properly too (#64687).

Please test; if you find any issues, let me know.

Alan Coopersmith (14):
      Expand comment on the memory vs. reply ordering in XIGetSelectedEvents()
      Use _XEatDataWords to avoid overflow of rep.length bit shifting
      Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3]
      memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3]
      unvalidated lengths in XQueryDeviceState() [CVE-2013-1998 3/3]
      integer overflow in XGetDeviceControl() [CVE-2013-1984 1/8]
      integer overflow in XGetFeedbackControl() [CVE-2013-1984 2/8]
      integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8]
      integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8]
      integer overflow in XIGetProperty() [CVE-2013-1984 5/8]
      integer overflow in XIGetSelectedEvents() [CVE-2013-1984 6/8]
      Avoid integer overflow in XGetDeviceProperties() [CVE-2013-1984 7/8]
      Avoid integer overflow in XListInputDevices() [CVE-2013-1984 8/8]
      sign extension issue in XListInputDevices() [CVE-2013-1995]

Peter Hutterer (7):
      Copy the sequence number into the target event too (#64687)
      Don't overwrite the cookies serial number
      Fix potential corruption in mask_len handling
      Change size += to size = in XGetDeviceControl
      If the XGetDeviceDontPropagateList reply has an invalid length, return 0
      Include limits.h to prevent build error: missing INT_MAX
      libXi 1.7.1.901

git tag: libXi-1.7.1.901

http://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.1.901.tar.bz2
MD5:  8a775d5368c9fb64aa484fb320b0c82d  libXi-1.7.1.901.tar.bz2
SHA1: 5e77d6ea94bb2efb83a6b9fe0093fea75e38f321  libXi-1.7.1.901.tar.bz2
SHA256: 5248b643fc0b76fff978eefc0acdeee278407983cf7b6e371242e1b53ba32f7c  libXi-1.7.1.901.tar.bz2

http://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.1.901.tar.gz
MD5:  ac83d7276b9d36c9ccd69b7020396e66  libXi-1.7.1.901.tar.gz
SHA1: 9991d3ac73f002f98e0eb416fb725028b9b74e35  libXi-1.7.1.901.tar.gz
SHA256: c5ac9548070545b71d650f37b5fc2fd122f38d4e280729fe30abece2de5b693c  libXi-1.7.1.901.tar.gz
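
The class of bug described in the announcement, shown as an added example that is not part of the original message and is not libXi's code: a client converts a server-supplied reply length (counted in 4-byte words) to bytes and trusts a server-supplied element count. The function names, parameters and sample values are assumptions made for illustration.

```c
/* Added example: hypothetical names, not taken from libXi. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Byte count as an unguarded client computes it: the 32-bit shift wraps
 * modulo 2^32, so a huge length from the server becomes a tiny size. */
static uint32_t reply_bytes_unchecked(uint32_t length_words)
{
    return length_words << 2;
}

/* Returns the payload size in bytes, or -1 if the reply must be discarded.
 * length_words and nelts are untrusted values read from the server reply;
 * elt_size is the client's own per-element size. */
static long long reply_bytes_checked(uint32_t length_words, uint32_t nelts,
                                     uint32_t elt_size)
{
    /* Reject lengths whose byte count would not fit in an int. */
    if (length_words >= (uint32_t)(INT_MAX >> 2))
        return -1;
    uint32_t nbytes = length_words << 2;      /* cannot wrap after the check */
    /* The claimed element count must fit inside the claimed payload.
     * Dividing avoids a second overflow in nelts * elt_size. */
    if (elt_size == 0 || nelts > nbytes / elt_size)
        return -1;
    return (long long)nbytes;
}

int main(void)
{
    /* Constructed sample replies: {length in words, element count}. */
    const uint32_t samples[][2] = {
        { 4u, 2u },              /* consistent: 16 bytes, two 8-byte items */
        { 4u, 3u },              /* count larger than the payload allows   */
        { 0x40000001u, 1u },     /* length wraps to 4 bytes when shifted   */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("length=%#x nelts=%u unchecked=%u checked=%lld\n",
               (unsigned)samples[i][0], (unsigned)samples[i][1],
               (unsigned)reply_bytes_unchecked(samples[i][0]),
               reply_bytes_checked(samples[i][0], samples[i][1], 8u));
    return 0;
}
```

A reply that fails the check still has to be drained from the connection before returning an error; the shortlog's _XEatDataWords entry refers to that step.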

