qbit/xenocara
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5,708 Commits 1 Branch 0 Tags 396 MiB
dd04a74464
Commit Graph

26 Commits

Author SHA1 Message Date
matthieu
269364ad66 Integer overflow on illegal server response 
The 32 bit field "rep.length" is not checked for validity, which allows
an integer overflow on 32 bit systems.

A malicious server could send INT_MAX as length, which gets multiplied
by the size of XRectangle. In that case the client won't read the whole
data from server, getting out of sync.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
 2016-10-04 14:59:47 +00:00
matthieu
7a95b9000b Update to libXfixes 5.0.2. No functional changes. 2016-08-06 09:51:36 +00:00
matthieu
eb9a486a3e No NEWS is good NEWS - remove a bunch of files not present upstreams anymore 2015-05-10 09:51:55 +00:00
guenther
b5bb12998e Bump the major on every single base library. There are a couple 
not bumped by this that will be corrected soon.

heavy lifting by todd@
 2013-08-13 07:07:07 +00:00
bmercer
34bb22d576 Remove a merge artifact. 
OK matthieu
 2013-07-10 19:25:00 +00:00
matthieu
749e0e42fc Fix merge error 2013-05-31 16:34:18 +00:00
matthieu
a9e33f3bc3 Update to libXfixes 5.0.1 2013-05-31 14:57:02 +00:00
matthieu
52f6d0ba20 Merge upstream fixes for several X libs vulnerabilities 
discovered by Ilja van Sprundel.

CVE-2013-1981 X.org libX11 1.5.99.901 (1.6 RC1) integer overflows
CVE-2013-1982 X.org libXext 1.3.1 integer overflows
CVE-2013-1983 X.org libXfixes 5.0 integer overflows
CVE-2013-1984 X.org libXi 1.7.1 integer overflows
CVE-2013-1985 X.org libXinerama 1.1.2 integer overflows
CVE-2013-1986 X.org libXrandr 1.4.0 integer overflows
CVE-2013-1987 X.org libXrender 0.9.7 integer overflows
CVE-2013-1988 X.org libXRes 1.0.6 integer overflows
CVE-2013-1989 X.org libXv 1.0.7 integer overflows
CVE-2013-1990 X.org libXvMC 1.0.7 integer overflows
CVE-2013-1991 X.org libXxf86dga 1.1.3 integer overflows
CVE-2013-1992 X.org libdmx 1.1.2 integer overflows
CVE-2013-1994 X.org libchromeXvMC & libchromeXvMCPro in openChrome
0.3.2 integer overflows
CVE-2013-1995 X.org libXi 1.7.1 sign extension issues
CVE-2013-1996 X.org libFS 1.0.4 sign extension issues
CVE-2013-1997 X.org libX11 1.5.99.901 (1.6 RC1) buffer overflows
CVE-2013-1998 X.org libXi 1.7.1 buffer overflows
CVE-2013-1999 X.org libXvMC 1.0.7 buffer overflows
CVE-2013-2000 X.org libXxf86dga 1.1.3 buffer overflows
CVE-2013-2001 X.org libXxf86vm 1.1.2 buffer overflows
CVE-2013-2002 X.org libXt 1.1.3 buffer overflows
CVE-2013-2003 X.org libXcursor 1.1.13 integer overflows
CVE-2013-2004 X.org libX11 1.5.99.901 (1.6 RC1) unbounded recursion
CVE-2013-2005 X.org libXt 1.1.3 memory corruption
CVE-2013-2066 X.org libXv 1.0.7 buffer overflows
 2013-05-23 22:42:07 +00:00
matthieu
eabfe35559 Remove white space only diff with upstreams 2013-05-02 06:57:29 +00:00
matthieu
38a45bf16e Update to libXfixes 5.0 2011-04-17 15:16:24 +00:00
matthieu
47798031f8 Update to libXfixes 4.0.5 2010-07-17 15:21:59 +00:00
matthieu
4a77a82c79 update to libXfixes 4.0.4 2009-10-31 17:55:07 +00:00
matthieu
7830df18ed Regen with autoconf 2.59-p2, with AM_SANITY check zapped. 2008-03-15 18:08:24 +00:00
matthieu
8370179c25 regen 2007-07-29 10:50:16 +00:00
matthieu
930101c636 regen with libtool 1.5.22p10 and metaauto 0.7 2007-04-14 20:44:09 +00:00
matthieu
00a847b3f8 regen with libtool 1.5.22p9 2007-03-25 13:02:54 +00:00
matthieu
6637a9a36e regen with automake 1.9.6p2 2007-03-18 22:29:12 +00:00
matthieu
5954aa6578 regen 2007-03-15 23:28:08 +00:00
matthieu
854f5def06 Bump major of shared libs that depend on libX11 (which already got bumped). 
ok todd@
 2007-03-15 23:00:47 +00:00
matthieu
297e2a2989 These libraries need a version bump. 2006-12-02 17:58:21 +00:00
matthieu
cd9eb53273 regen 2006-11-28 19:02:33 +00:00
matthieu
b6a46a2b93 Try to prevent endless regeneration of Makefile.in caused to RCS Id expansion. 2006-11-28 11:48:11 +00:00
matthieu
882dc8459e regenerate with OpenBSD autotools 2006-11-27 12:40:38 +00:00
matthieu
e5ca1d526f regen with OpenBSD autotools 2006-11-26 13:42:42 +00:00
matthieu
ab5c078d6e Build infrastructure for lib 2006-11-26 12:07:34 +00:00
matthieu
606ceaa693 import from X.Org 7.2RC1 2006-11-25 16:46:32 +00:00