Tag 'xorg-server-2_1.19.2-1+deb9u2' created by Julien Cristau
<jcris...@debian.org> at 2017-10-16 07:36 +0000
Tagging upload of xorg-server 2:1.19.2-1+deb9u2 to stretch-security.
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAlnkYYIUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z63jrRAAn5yHUpZXuOmZCE2xE4Tk5oRaSTLF
NAdOGOW5eyjIEgHoHDgex5h5Srm9BXn/CjS4ccXBoFrn/3LNKWRTNZMYymenXMFa
0JkNReBTNVdMTjUlezZort6VlrMuo8BZLoQcFy90Bd01QhMoT5bcFQcyFeJ37z1a
//HfkrZuevFAYF8b1x05fgtPwMxV884vaQiXS3k+2HnA4Kn0spA50xirRXEkbhu4
/jRI96RJ1dumjjuY298p16Eo8yooMgpdZWIENtG3lDnJ8PfHLqSLqJpUyYKmX7O2
YGB7uJ3fjjrdKzM+5A0fS6D8TiNmNt9yh0ZJDCgrjwIDSc505UVe/fPMFWiaDcXM
3W4Ag92KNPUJR9TbqyHFGQ4O/hmTswg8a3mKYhQMWdduWD8NrT6uFzZXVIgol19F
fjiXTZqpAGBwtKXherR4I9wSBdVenWJs4tf9xW3DsaHqM+dJGtikNKVt9PVXmugW
1BBmSXZMMAbfPwmhYw8w7508QqjFQthNFdRi6r4+R6PjHHqhoqqr16J38LaP2idb
xhaH/Qn7BmHxUdjSdpQksYgCdtvoghN69HAb5qI9dwaur+4zHgHQI7lPpY5SUvM6
Vo7KaN5H9b/7Kg9zqvoRbmTahG0v1Lj6nhevYQnhDBTh1vYRcZ5oRL0kgwiekzUI
SExdcVGPbvmPjBs=
=x+/D
-----END PGP SIGNATURE-----
Changes since xorg-server-2_1.19.2-1:
Julien Cristau (4):
Import 2:1.19.2-1+deb9u1 security update
Update changelog
Update changelog
Upload to stretch-security
Keith Packard (1):
xkb: Handle xkb formated string output safely (CVE-2017-13723)
Michal Srb (4):
Xi: Test exact size of XIBarrierReleasePointer
Xext/shm: Validate shmseg resource id (CVE-2017-13721)
xkb: Escape non-printable characters correctly.
os: Make sure big requests have sufficient length.
Nathan Kidd (7):
Unvalidated lengths
xfixes: unvalidated lengths (CVE-2017-12183)
hw/xfree86: unvalidated lengths
Xi: integer overflow and unvalidated length in
(S)ProcXIBarrierReleasePointer
Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo
(CVE-2017-12177)
Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
Tobias Stoeckmann (1):
render: Fix out of boundary heap access
---
Xext/panoramiX.c |
3
Xext/saver.c |
2
Xext/shm.c |
1
Xext/vidmode.c |
129 +++++-----
Xext/xres.c |
4
Xext/xvdisp.c |
4
Xi/xibarriers.c |
12
Xi/xichangehierarchy.c |
2
dbe/dbe.c |
5
debian/changelog |
36 ++
debian/patches/07_dix-Disallow-GenericEvent-in-SendEvent-request.patch |
70 +++++
debian/patches/08_Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch |
49 +++
debian/patches/09_Xi-Do-not-try-to-swap-GenericEvent.patch |
44 +++
debian/patches/10_Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch |
38 ++
debian/patches/series |
4
dix/dispatch.c |
7
hw/dmx/dmxpict.c |
2
hw/xfree86/common/xf86DGA.c |
81 +++---
hw/xfree86/dri/xf86dri.c |
1
os/io.c |
5
pseudoramiX/pseudoramiX.c |
3
render/render.c |
7
xfixes/cursor.c |
5
xfixes/region.c |
3
xfixes/saveset.c |
1
xfixes/xfixes.c |
1
xkb/xkbtext.c |
42 +--
27 files changed, 435 insertions(+), 126 deletions(-)
---
