[ubuntu/xenial-proposed] xorg-server-hwe-16.04 2:1.19.3-1ubuntu1~16.04.2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Jul 25 13:27:50 UTC 2017
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.2) xenial; urgency=medium
* SECURITY UPDATE: DoS and possible code execution in endianness
conversion of X Events
- debian/patches/CVE-2017-10971-1.patch: do not try to swap
GenericEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-2.patch: verify all events in
ProcXSendExtensionEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
SendEvent request in dix/events.c, dix/swapreq.c.
- CVE-2017-10971
* SECURITY UPDATE: information leak in XEvent handling
- debian/patches/CVE-2017-10972.patch: zero target buffer in
SProcXSendExtensionEvent in Xi/sendexev.c.
- CVE-2017-10972
Date: Tue, 25 Jul 2017 09:04:30 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xorg-server-hwe-16.04/2:1.19.3-1ubuntu1~16.04.2
-------------- next part --------------
Format: 1.8
Date: Tue, 25 Jul 2017 09:04:30 -0400
Source: xorg-server-hwe-16.04
Binary: xserver-xorg-core-hwe-16.04 xserver-xorg-dev-hwe-16.04 xserver-xephyr-hwe-16.04 xserver-xorg-core-hwe-16.04-dbg xmir-hwe-16.04 xorg-server-source-hwe-16.04 xwayland-hwe-16.04 xserver-xorg-legacy-hwe-16.04
Architecture: source
Version: 2:1.19.3-1ubuntu1~16.04.2
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
xmir-hwe-16.04 - Xmir X server
xorg-server-source-hwe-16.04 - Xorg X server - source files
xserver-xephyr-hwe-16.04 - nested X server
xserver-xorg-core-hwe-16.04 - Xorg X server - core server
xserver-xorg-core-hwe-16.04-dbg - Xorg - the X.Org X server (debugging symbols)
xserver-xorg-dev-hwe-16.04 - Xorg X server - development files
xserver-xorg-legacy-hwe-16.04 - setuid root Xorg server wrapper
xwayland-hwe-16.04 - Xwayland X server
Changes:
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.2) xenial; urgency=medium
.
* SECURITY UPDATE: DoS and possible code execution in endianness
conversion of X Events
- debian/patches/CVE-2017-10971-1.patch: do not try to swap
GenericEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-2.patch: verify all events in
ProcXSendExtensionEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
SendEvent request in dix/events.c, dix/swapreq.c.
- CVE-2017-10971
* SECURITY UPDATE: information leak in XEvent handling
- debian/patches/CVE-2017-10972.patch: zero target buffer in
SProcXSendExtensionEvent in Xi/sendexev.c.
- CVE-2017-10972
Checksums-Sha1:
167dc8589334196821b42eb9b311d3230db32832 5076 xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.dsc
f6bf540609f6867505bf0c1b38b67e5ded3429cd 259480 xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.diff.gz
Checksums-Sha256:
d638886dc7cd075be92367f97d0d09771c34dfb84f8a58467e689b0a7982f7ba 5076 xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.dsc
a04c9f854935dc4489a0b05da3a3a971b86869bdd99c196f22bfee9cbf1b9041 259480 xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.diff.gz
Files:
e7c8a8831f929af8d77fa062eda92afb 5076 x11 optional xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.dsc
4914c30e3a0faa9cac9ccaf3566d269c 259480 x11 optional xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.diff.gz
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>
More information about the Xenial-changes
mailing list