[ANNOUNCE] libX11 (1.6 RC2)

Alan Coopersmith alan.coopersmith at oracle.com
Thu May 23 20:01:50 PDT 2013

I think it's about time for a second release candidate for Xlib 1.6, don't you?

This release is brought to you by the letters C, V, & E, and more numbers
than I can count, with a special guest appearance by the letters J́ and j́.

Please test & report any issues you find (by May 31 if possible).
Unless any blockers turn up, I plan to cut the final 1.6 release
the first week of June.

Alan Coopersmith (41):
      Move big request comment in XOpenDisplay to the right place
      Move repeated #ifdef magic to find PATH_MAX into a common header
      Add _XEatDataWords to discard a given number of 32-bit words of reply data
      integer overflow in _XQueryFont() on 32-bit platforms [CVE-2013-1981 1/13]
      integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]
      integer overflow in XListFontsWithInfo() [CVE-2013-1981 3/13]
      integer overflow in XGetMotionEvents() [CVE-2013-1981 4/13]
      integer overflow in XListHosts() [CVE-2013-1981 5/13]
      unvalidated lengths in XAllocColorCells() [CVE-2013-1997 1/15]
      unvalidated index in _XkbReadGetDeviceInfoReply() [CVE-2013-1997 2/15]
      unvalidated indexes in _XkbReadGeomShapes() [CVE-2013-1997 3/15]
      unvalidated indexes in _XkbReadGetGeometryReply() [CVE-2013-1997 4/15]
      unvalidated index in _XkbReadKeySyms() [CVE-2013-1997 5/15]
      unvalidated index in _XkbReadKeyActions() [CVE-2013-1997 6/15]
      unvalidated index in _XkbReadKeyBehaviors() [CVE-2013-1997 7/15]
      unvalidated index in _XkbReadModifierMap() [CVE-2013-1997 8/15]
      unvalidated index in _XkbReadExplicitComponents() [CVE-2013-1997 9/15]
      unvalidated index in _XkbReadVirtualModMap() [CVE-2013-1997 10/15]
      unvalidated index/length in _XkbReadGetNamesReply() [CVE-2013-1997 11/15]
      unvalidated length in _XimXGetReadData() [CVE-2013-1997 12/15]
      Integer overflows in stringSectionSize() cause buffer overflow in ReadColornameDB() [CVE-2013-1981 6/13]
      integer overflow in ReadInFile() in Xrm.c [CVE-2013-1981 7/13]
      Unbounded recursion in GetDatabase() when parsing include files [CVE-2013-2004 1/2]
      Unbounded recursion in _XimParseStringFile() when parsing include files [CVE-2013-2004 2/2]
      integer truncation in _XimParseStringFile() [CVE-2013-1981 8/13]
      integer overflows in TransFileName() [CVE-2013-1981 9/13]
      integer overflow in XGetWindowProperty() [CVE-2013-1981 10/13]
      integer overflow in XGetImage() [CVE-2013-1981 11/13]
      integer overflow in XGetPointerMapping() & XGetKeyboardMapping() [CVE-2013-1981 12/13]
      integer overflow in XGetModifierMapping() [CVE-2013-1981 13/13]
      Avoid overflows in XListFonts() [CVE-2013-1997 13/15]
      Avoid overflows in XGetFontPath() [CVE-2013-1997 14/15]
      Avoid overflows in XListExtensions() [CVE-2013-1997 15/15]
      Make XGetWindowProperty() always initialize returned values
      Convert more _XEatData callers to _XEatDataWords
      Remove more unnecessary casts from Xmalloc/calloc calls
      Use calloc in XOpenDisplay to initialize structs containing pointers
      _XkbReadGetMapReply: reject maxKeyCodes smaller than the minKeyCode
      Give GNU & Solaris Studio compilers hints about XEatData branches
      Free fs->properties in _XF86BigfontQueryFont overflow error path
      libX11 (1.6 RC2)

Julien Cristau (1):
      xkb: fix off-by-one in _XkbReadGetNamesReply and _XkbReadVirtualModMap

Matthieu Herrb (1):
      XListFontsWithInfo: Re-decrement flist[0] before calling free() on it.

Niveditha Rau (1):
      Make sure internal headers include required headers

Pander (1):
      Add compose sequences for J́ and j́.

git tag: libX11-

MD5:  0f1a38133d11d64ad02fecb508b049ed
SHA1: d7d6909b57804104a38e8f1ed1d5f639062b030a
SHA256: 9e6a28609e1857600d51d45b90f14853350176e00bd50c863603164f539cdf8c

MD5:  04883210511cebec1d74dc9be184b82d
SHA1: d0101aa3ee027b90a801544982026ab0dcb661e9
SHA256: 82ae9cca7bc09f5236a57d18fa1cecf4ec0be6866316656eae39df43b5642c79

	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-announce/attachments/20130523/4e388da3/attachment.pgp>

More information about the xorg-announce mailing list