[ANNOUNCE] xorg-server 1.16.2.901
Julien Cristau
jcristau at debian.org
Tue Dec 9 12:17:59 PST 2014
This is the first RC for xserver 1.16.3. It includes fixes for today's
security advisory (see
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/), plus
an fb fix for X.Org bug#54168, a few fixes for the present extension,
and a documentation update for the new -iglx/+iglx command-line flags.
Cheers,
Julien
Adam Jackson (12):
glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6]
glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]
glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6]
glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8]
glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6]
glx: Integer overflow protection for non-generated render requests (v3) [CVE-2014-8093 5/6]
glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8]
glx: Top-level length checking for swapped VendorPrivate requests [CVE-2014-8098 4/8]
glx: Request length checks for SetClientInfoARB [CVE-2014-8098 5/8]
glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8]
glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]
glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8]
Alan Coopersmith (19):
Add -iglx & +iglx to Xserver.man
unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]
dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]
dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]
dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]
dix: integer overflow in REQUEST_FIXED_SIZE() [CVE-2014-8092 4/4]
dri2: integer overflow in ProcDRI2GetBuffers() [CVE-2014-8094]
dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]
Xi: unvalidated lengths in Xinput extension [CVE-2014-8095]
xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]
Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099]
dri3: unvalidated lengths in DRI3 extension swapped procs [CVE-2014-8103 1/2]
present: unvalidated lengths in Present extension procs [CVE-2014-8103 2/2]
randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]
render: unvalidated lengths in Render extn. swapped procs [CVE-2014-8100 2/2]
xfixes: unvalidated length in SProcXFixesSelectSelectionInput [CVE-2014-8102]
Add request length checking test cases for some Xinput 1.x requests
Add request length checking test cases for some Xinput 2.x requests
Add REQUEST_FIXED_SIZE testcases to test/misc.c
Alex Orange (1):
fb: Fix Bresenham algorithms for commonly used small segments.
Julien Cristau (3):
render: check request size before reading it [CVE-2014-8100 1/2]
glx: Length checking for GLXRender requests (v2) [CVE-2014-8098 2/8]
Bump to 1.16.2.901
Keith Packard (6):
present: Support PresentOptionCopy
glx: check return from __glXGetAnswerBuffer
dbe: Call to DDX SwapBuffers requires address of int, not unsigned int [CVE-2014-8097 pt. 2]
glx: Can't mix declarations and code in X.org sources [CVE-2014-8098 pt. 9]
Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]
Mario Kleiner (2):
present: Avoid crashes in DebugPresent(), a bit more info.
present: Fix use of vsynced pageflips and honor PresentOptionAsync. (v4)
Robert Morell (1):
glx: Fix mask truncation in __glXGetAnswerBuffer [CVE-2014-8093 6/6]
git tag: xorg-server-1.16.2.901
http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.2.901.tar.bz2
MD5: 82cbcf6755787962e943d8e23495358d xorg-server-1.16.2.901.tar.bz2
SHA1: 2cca6993a6ffdb141971791d871a42492c6e5df8 xorg-server-1.16.2.901.tar.bz2
SHA256: ef885a5ce441e6ae5c73461b624f9e66e801e52eaf495e551663306ec4464ba6 xorg-server-1.16.2.901.tar.bz2
PGP: http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.2.901.tar.bz2.sig
http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.2.901.tar.gz
MD5: b2d2353f0288be8fa79f7570972f010b xorg-server-1.16.2.901.tar.gz
SHA1: 7721e30102f6a95740998c5994aaf1440af0a751 xorg-server-1.16.2.901.tar.gz
SHA256: f54ed6143323ac39af6dff041ce2f47dce24c01c1b80092b8a6d0ca10817fd81 xorg-server-1.16.2.901.tar.gz
PGP: http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.16.2.901.tar.gz.sig
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.x.org/archives/xorg/attachments/20141209/8a2a4cce/attachment.sig>
More information about the xorg
mailing list