[ANNOUNCE] xorg-server 1.16.3

Julien Cristau jcristau at debian.org
Sat Dec 20 04:34:33 PST 2014

Here's X server 1.16.3.  Other than the version number, no changes since
RC1.  Below is the shortlog from 1.16.2, most of the changes are from


Adam Jackson (12):
      glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]
      glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]
      glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6]
      glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]
      glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]
      glx: Integer overflow protection for non-generated render requests (v3) [CVE-2014-8093 5/6]
      glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]
      glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8098 4/8]
      glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]
      glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8]
      glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]
      glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]

Alan Coopersmith (19):
      Add -iglx & +iglx to Xserver.man
      unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]
      dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]
      dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]
      dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]
      dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]
      dri2: integer overflow in ProcDRI2GetBuffers() [CVE-2014-8094]
      dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]
      Xi: unvalidated lengths in Xinput extension [CVE-2014-8095]
      xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]
      Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099]
      dri3: unvalidated lengths in DRI3 extension swapped procs [CVE-2014-8103 1/2]
      present: unvalidated lengths in Present extension procs [CVE-2014-8103 2/2]
      randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]
      render: unvalidated lengths in Render extn. swapped procs [CVE-2014-8100 2/2]
      xfixes: unvalidated length in SProcXFixesSelectSelectionInput [CVE-2014-8102]
      Add request length checking test cases for some Xinput 1.x requests
      Add request length checking test cases for some Xinput 2.x requests
      Add REQUEST_FIXED_SIZE testcases to test/misc.c

Alex Orange (1):
      fb: Fix Bresenham algorithms for commonly used small segments.

Julien Cristau (4):
      render: check request size before reading it [CVE-2014-8100 1/2]
      glx: Length checking for GLXRender requests (v2) [CVE-2014-8098 2/8]
      Bump to
      Bump to 1.16.3

Keith Packard (6):
      present: Support PresentOptionCopy
      glx: check return from __glXGetAnswerBuffer
      dbe: Call to DDX SwapBuffers requires address of int, not unsigned int [CVE-2014-8097 pt. 2]
      glx: Can't mix declarations and code in X.org sources [CVE-2014-8098 pt. 9]
      Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
      dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]

Mario Kleiner (2):
      present: Avoid crashes in DebugPresent(), a bit more info.
      present: Fix use of vsynced pageflips and honor PresentOptionAsync. (v4)

Robert Morell (1):
      glx: Fix mask truncation in __glXGetAnswerBuffer [CVE-2014-8093 6/6]

git tag: xorg-server-1.16.3

MD5:  afd93977235584a9caa7528a737c1b52  xorg-server-1.16.3.tar.bz2
SHA1: cf903e3b02cd4f4b075d139ee7d6b0a3741cd9cf  xorg-server-1.16.3.tar.bz2
SHA256: 5e0f443238af1078b48f6eea98a382861b59187da221c2cf714d31c1d560b0fb  xorg-server-1.16.3.tar.bz2
PGP:  http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.3.tar.bz2.sig

MD5:  d483f015b98c7a04f8b578ba9917a917  xorg-server-1.16.3.tar.gz
SHA1: 572deb5fe1fde9f5ec7d23886f2afddca7020e18  xorg-server-1.16.3.tar.gz
SHA256: 293d6a73a560f9f7f5cc8a05d84445a3aabfdf43683925d0f93c8f8502536c84  xorg-server-1.16.3.tar.gz
PGP:  http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.3.tar.gz.sig

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.x.org/archives/xorg-announce/attachments/20141220/ad908a8f/attachment.sig>

More information about the xorg-announce mailing list