libdmx is the Xlib-based DMX (Distributed Multihead X) extension library. This bugfix release consists solely of the fixes for the overflows recently reported under CVE-2013-1992. Alan Coopersmith (5): Use _XEatDataWords to avoid overflow of rep.length bit shifting integer overflow in DMXGetScreenAttributes() [CVE-2013-1992 1/3] integer overflow in DMXGetWindowAttributes() [CVE-2013-1992 2/3] integer overflow in DMXGetInputAttributes() [CVE-2013-1992 3/3] libdmx 1.1.3 git tag: libdmx-1.1.3 http://xorg.freedesktop.org/archive/individual/lib/libdmx-1.1.3.tar.bz2 MD5: ba983eba5a9f05d152a0725b8e863151 SHA1: 0eeac14a06cffb04a1c78793563f233a8f8b79be SHA256: c97da36d2e56a2d7b6e4f896241785acc95e97eb9557465fd66ba2a155a7b201 http://xorg.freedesktop.org/archive/individual/lib/libdmx-1.1.3.tar.gz MD5: eed755e7cdb161e05f70e955f2b0ef4d SHA1: 07497612b658dd2b247f87fb4248bf180e82d563 SHA256: c4b24d7e13e5a67ead7a18f0b4cc9b7b5363c9d04cd01b83b5122ff92b3b4996 -- -Alan Coopersmith- alan.coopersmith at oracle.com Oracle Solaris Engineering - http://blogs.oracle.com/alanc -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 832 bytes Desc: not available URL: <http://lists.x.org/archives/xorg-announce/attachments/20130528/115ef5e3/attachment.pgp>