Package: libxi6 Version: 2:1.3-6 Severity: important Tags: upstream patch libXi can cause heap corruption if it receices unknown device classes in input devices, as it does not allocate any space to unknown classes, yet it stores type and ID information of that class. If the unknown classes are at the end of the list, 8 bytes following the allocated class info block are corrupted.
This behaviour is observable with current X servers in experimental. As heap corruption is a security problem (malign X servers could try to exploit client code using Xinput2), fixing this bug might be eligible for a stable update. Commit http://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=635c2c029b1e73311c3f650bcaf7eeb9e782134b fixes the problem and applies (with offset and fuzz, though). Regards, Michael Karcher -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i586) Kernel: Linux 2.6.32-5-486 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libxi6 depends on: ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib ii libx11-6 2:1.3.3-4 X11 client-side library ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar libxi6 recommends no packages. libxi6 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120218225534.10074.7261.reportbug@marathon.karcher.local
