Source: wayland
Version: 1.6.0-1
Severity: important
Tags: patch security upstream
Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=103961

Hi,

the following vulnerability was published for wayland.

CVE-2017-16612[0]:
| libXcursor before 1.1.15 has various integer overflows that could lead
| to heap buffer overflows when processing malicious cursors, e.g., with
| programs like GIMP. It is also possible that an attack vector exists
| against the related code in cursor/xcursor.c in Wayland through
| 1.14.0.

Note, I asked MITRE for advice if the CVE should apply as well to
wayland leading to the above updated description.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-16612
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
[1] https://bugs.freedesktop.org/show_bug.cgi?id=103961
[2] https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
[3] https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore