[Ubuntu-x-swat] [Bug 1687981] Re: Backport packages for 16.04.3 HWE stack

Launchpad Bug Tracker Wed, 26 Jul 2017 13:59:20 -0700

This bug was fixed in the package xorg-server-hwe-16.04 -
2:1.19.3-1ubuntu1~16.04.2


---------------
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.2) xenial; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution in endianness
    conversion of X Events
    - debian/patches/CVE-2017-10971-1.patch: do not try to swap
      GenericEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-2.patch: verify all events in
      ProcXSendExtensionEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
      SendEvent request in dix/events.c, dix/swapreq.c.
    - CVE-2017-10971
  * SECURITY UPDATE: information leak in XEvent handling
    - debian/patches/CVE-2017-10972.patch: zero target buffer in
      SProcXSendExtensionEvent in Xi/sendexev.c.
    - CVE-2017-10972

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Tue, 25 Jul 2017
09:04:30 -0400

-- 
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to mesa in Ubuntu.
https://bugs.launchpad.net/bugs/1687981

Title:
  Backport packages for 16.04.3 HWE stack

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libclc/+bug/1687981/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~ubuntu-x-swat
Post to     : ubuntu-x-swat@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-x-swat
More help   : https://help.launchpad.net/ListHelp

[Ubuntu-x-swat] [Bug 1687981] Re: Backport packages for 16.04.3 HWE stack

Reply via email to