[ANNOUNCE] libXi 1.6.2.901
Peter Hutterer
peter.hutterer at who-t.net
Thu May 23 20:40:40 PDT 2013
RC1 for libXi 1.6.3 (XI 2.2 support) containing fixes for CVE-2013-1984,
CVE-2013-1995, CVE-2013-1998. And a fix to have the correct serial number in
GenericEvents.
Alan Coopersmith (14):
Expand comment on the memory vs. reply ordering in XIGetSelectedEvents()
Use _XEatDataWords to avoid overflow of rep.length bit shifting
Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3]
memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3]
unvalidated lengths in XQueryDeviceState() [CVE-2013-1998 3/3]
integer overflow in XGetDeviceControl() [CVE-2013-1984 1/8]
integer overflow in XGetFeedbackControl() [CVE-2013-1984 2/8]
integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8]
integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8]
integer overflow in XIGetProperty() [CVE-2013-1984 5/8]
integer overflow in XIGetSelectedEvents() [CVE-2013-1984 6/8]
Avoid integer overflow in XGetDeviceProperties() [CVE-2013-1984 7/8]
Avoid integer overflow in XListInputDevices() [CVE-2013-1984 8/8]
sign extension issue in XListInputDevices() [CVE-2013-1995]
Peter Hutterer (3):
Copy the sequence number into the target event too (#64687)
Don't overwrite the cookies serial number
libXi 1.6.2.901
git tag: libXi-1.6.2.901
http://xorg.freedesktop.org/archive/individual/lib/libXi-1.6.2.901.tar.bz2
MD5: 15fafea478b2de7b2d6e4235e1ffea8a libXi-1.6.2.901.tar.bz2
SHA1: b87e5cac9882dcae59ec8dd924656fe6421df844 libXi-1.6.2.901.tar.bz2
SHA256: 1b1a30ff9be7ff2420597668986fa39561ac4afbd0a1d89c7e9ea3963d398f2b libXi-1.6.2.901.tar.bz2
http://xorg.freedesktop.org/archive/individual/lib/libXi-1.6.2.901.tar.gz
MD5: 411cc62a7a336dfcf9826d80e0ffdb7a libXi-1.6.2.901.tar.gz
SHA1: 3b6864fb7a4f0b119d24eaa4ff141d88853518a4 libXi-1.6.2.901.tar.gz
SHA256: 2632dd29c546269240a1ab933def6746afebd49fffc02ee1c5757f20beac0dd3 libXi-1.6.2.901.tar.gz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-announce/attachments/20130524/a379e72f/attachment.pgp>
More information about the xorg-announce
mailing list