[ANNOUNCE] libXvMC 1.0.8

Alan Coopersmith alan.coopersmith at oracle.com
Thu Jun 13 23:37:40 PDT 2013

libXvMC is the Xlib-based client library for the X-Video Motion Compensation

This bug fix release provides the fixes for the recently announced security
issues CVE-2013-1990 & CVE-2013-1999, and the fixes for the bugs introduced
in the initial set of patches for those security issues.

Adam Jackson (1):
      configure: Remove AM_MAINTAINER_MODE

Alan Coopersmith (6):
      Use _XEatDataWords to avoid overflow of rep.length shifting
      integer overflow in XvMCListSurfaceTypes() [CVE-2013-1990 1/2]
      integer overflow in XvMCListSubpictureTypes() [CVE-2013-1990 2/2]
      integer overflow in _xvmc_create_*()
      Multiple unvalidated assumptions in XvMCGetDRInfo() [CVE-2013-1999]
      libXvMC 1.0.8

Colin Walters (1):
      autogen.sh: Implement GNOME Build API

Dave Airlie (1):
      Multiple unvalidated patches in CVE-2013-1999

Julien Cristau (1):
      avoid overflowing by making nameLen and busIDLen addition overflow

git tag: libXvMC-1.0.8

MD5:  2e4014e9d55c430e307999a6b3dd256d
SHA1: b0fa592cd615aa41290cb8d6f97e6ed53dd21bca
SHA256: 5e1a401efa433f959d41e17932b8c218c56b931348f494b8fa4656d7d798b204

MD5:  2dedf01f8c34d086fac285195e3eee2b
SHA1: f5e9ac86576a3f63530ad20bf7d20ddfe007024a
SHA256: a9a294e8fe584363790c6bd49c7de78e5a6ce395a4318ef2790dfb6afa84b631

	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-announce/attachments/20130613/a5d8bdd7/attachment.pgp>

More information about the xorg-announce mailing list