[PULL: xserver master] misc. bug fixes & cleanups, including CVE-2013-4396

Alan Coopersmith alan.coopersmith at oracle.com
Mon Oct 14 18:00:32 PDT 2013


The following changes since commit 7cf1b595c8c8f9776a39559d2878cf90af3f2859:

   dix: only deliver for the current grab type (2013-10-14 11:07:38 +1000)

are available in the git repository at:

   git+ssh://people.freedesktop.org/~alanc/xserver.git master

for you to fetch changes up to 73b2660d7273d175d279d22f8ca0c3932a14ff1c:

   Avoid use-after-free in dix/dixfonts.c: doImageText() [CVE-2013-4396] 
(2013-10-14 17:56:44 -0700)

----------------------------------------------------------------
Alan Coopersmith (4):
       Skip damage calls if DamageCreate fails in exa functions
       DMX glxproxy: Don't allocate & copy data just to free it unused
       Update GLX dependencies now that DRI & DRI2 are builtins, not modules
       Avoid use-after-free in dix/dixfonts.c: doImageText() [CVE-2013-4396]

  dix/dixfonts.c                 |    5 +++++
  exa/exa_migration_mixed.c      |   11 +++++++----
  exa/exa_mixed.c                |   11 +++++++----
  hw/dmx/glxProxy/glxsingle.c    |   30 +++++++++++++++++-------------
  hw/dmx/glxProxy/glxvendor.c    |   30 +++++++++++++++++-------------
  hw/xfree86/dixmods/Makefile.am |    2 +-
  6 files changed, 54 insertions(+), 35 deletions(-)

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc


More information about the xorg-devel mailing list