[ubuntu/artful-proposed] xorg-server 2:1.19.3-1ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jul 18 13:42:13 UTC 2017 

xorg-server (2:1.19.3-1ubuntu3) artful; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution in endianness
    conversion of X Events
    - debian/patches/CVE-2017-10971-1.patch: do not try to swap
      GenericEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-2.patch: verify all events in
      ProcXSendExtensionEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
      SendEvent request in dix/events.c, dix/swapreq.c.
    - CVE-2017-10971
  * SECURITY UPDATE: information leak in XEvent handling
    - debian/patches/CVE-2017-10972.patch: zero target buffer in
      SProcXSendExtensionEvent in Xi/sendexev.c.
    - CVE-2017-10972

Date: Mon, 17 Jul 2017 09:34:04 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xorg-server/2:1.19.3-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 17 Jul 2017 09:34:04 -0400
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-common xmir xserver-xorg-xmir xorg-server-source xwayland xserver-xorg-legacy
Architecture: source
Version: 2:1.19.3-1ubuntu3
Distribution: artful
Urgency: medium
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xmir       - Xmir X server
 xnest      - Nested X server
 xorg-server-source - Xorg X server - source files
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xserver-xorg-xmir - Xmir X server (transitional package)
 xvfb       - Virtual Framebuffer 'fake' X server
 xwayland   - Xwayland X server
Changes:
 xorg-server (2:1.19.3-1ubuntu3) artful; urgency=medium
 .
   * SECURITY UPDATE: DoS and possible code execution in endianness
     conversion of X Events
     - debian/patches/CVE-2017-10971-1.patch: do not try to swap
       GenericEvent in Xi/sendexev.c.
     - debian/patches/CVE-2017-10971-2.patch: verify all events in
       ProcXSendExtensionEvent in Xi/sendexev.c.
     - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
       SendEvent request in dix/events.c, dix/swapreq.c.
     - CVE-2017-10971
   * SECURITY UPDATE: information leak in XEvent handling
     - debian/patches/CVE-2017-10972.patch: zero target buffer in
       SProcXSendExtensionEvent in Xi/sendexev.c.
     - CVE-2017-10972
Checksums-Sha1:
 3fbaa209c0ebc578a1d231b6cdb0fddcc0d8d1db 5092 xorg-server_1.19.3-1ubuntu3.dsc
 93733a1eaabc26a8328828bb5f6ce74d89f7bffb 318451 xorg-server_1.19.3-1ubuntu3.diff.gz
 191f74942703147a858d4643d615687d10edaf03 13252 xorg-server_1.19.3-1ubuntu3_source.buildinfo
Checksums-Sha256:
 168610d204919216e5597659f505013bdbe943cc285b21b77ab5d4174e072500 5092 xorg-server_1.19.3-1ubuntu3.dsc
 c547583badc65227f0b70c1d60536082541ea19c697aef3caea0487282eeddd6 318451 xorg-server_1.19.3-1ubuntu3.diff.gz
 4a1b267209615dc7afe7e7fe07b839bc219890227470d091fc8f8ffb4f7361e8 13252 xorg-server_1.19.3-1ubuntu3_source.buildinfo
Files:
 27db1556afce3fc115565a9896cd6766 5092 x11 optional xorg-server_1.19.3-1ubuntu3.dsc
 b495e7be7a7f4f9957fd74ef931b9a13 318451 x11 optional xorg-server_1.19.3-1ubuntu3.diff.gz
 39a9f65bc8f6a6a264b2f90fd4ef4f1e 13252 x11 optional xorg-server_1.19.3-1ubuntu3_source.buildinfo
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJZbg6/AAoJEGVp2FWnRL6Th60P/0myDX0xG2FaXGe/osvfMLqz
MfYCZfCrWTOZ8WrLF6zukJ9J4jbkzcv/YQatH+jLLcVlBEK2j4Fu+fbUKDXIgJXB
1vciLhIDdVB0WJJTicD7/EMq8pfbcMabnJEwvZ2aGEpRe96SQTefKv/TE/3YgXoi
aoF/KpZzVvnE1npg8YYJwpW1c2/et4RJvrFKvIuf2STN7PGlfKN1kng45+LB/j2Z
hdAMtoqx9xgqKV/l+st4srpFHXvQqMYt5vLP377VmydrLdtuUIVleGCoX8rvohxd
99SHSwU5NwLCqD+wlgfN4jYLPxoTcgRyJmnmigx4xOxCw+t6Mk7ClGzHYi9QKBy0
Av8dFbT7Vz27M2Mye7mR4cC3kHoyWuri9Q6Z4T1xvfed6QfQcXiXPHcDj1jMihYA
/Nrhw/kQQmSE57nuuJGwj6dhAGg1gAEA7C6dCqYAGZ8KIHEotpRS8WxQMWgqJl1r
o+KLbxdVoonrwGFj+4nFWOLMTJL2EZbDCgF9PBfyONQtfADsPoKe24DDaYT0fpqM
OnEkItTvRc3xgZj1mqhlxKIRhv+e2O8/qQgZYB57J9mbajUiJ3s8M2oQUK4vEpY2
Ekr3ptZrRjg2I2gQ7TImeklPJTjdxwiIzjiF8xJfd4A/9FiMo4hFwqAUCVcKz0wz
GsttuDb860hbf3jRVIK/
=xFWt
-----END PGP SIGNATURE-----

More information about the Artful-changes mailing list