On Thu, 7 Apr 2022 at 10:21, Marc-André Lureau <marcandre.lur...@gmail.com> wrote:
>
> On Thu, Apr 7, 2022 at 12:23 PM Mauro Matteo Cascella <mcasc...@redhat.com> wrote:
>>
>> Prevent potential integer overflow by limiting 'width' and 'height' to
>> 512x512. Also change 'datasize' type to size_t. Refer to security
>> advisory https://starlabs.sg/advisories/22-4206/ for more information.
>>
>> Fixes: CVE-2021-4206
>
> (the Starlabs advisory has 2022, I guess it's wrong then)
>
>> Signed-off-by: Mauro Matteo Cascella <mcasc...@redhat.com>
>
> Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com>

Does this fix (or any of the other cursor-related stuff I've seen
floating past) need to go into 7.0? (ie is it release-critical?)

thanks
-- PMM