First and likely only RC for libXi 1.7.2. This one has a bunch of changes for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various integer overflows and other corruption that happens if we trust the server a bit too much on the data we're being sent.

On top of those fixes, the sequence number in XI2 events is now set properly too (#64687).

Please test; if you find any issues, let me know.

Alan Coopersmith (14):
      Expand comment on the memory vs. reply ordering in XIGetSelectedEvents()
      Use _XEatDataWords to avoid overflow of rep.length bit shifting
      Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3]
      memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3]
      unvalidated lengths in XQueryDeviceState() [CVE-2013-1998 3/3]
      integer overflow in XGetDeviceControl() [CVE-2013-1984 1/8]
      integer overflow in XGetFeedbackControl() [CVE-2013-1984 2/8]
      integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8]
      integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8]
      integer overflow in XIGetProperty() [CVE-2013-1984 5/8]
      integer overflow in XIGetSelectedEvents() [CVE-2013-1984 6/8]
      Avoid integer overflow in XGetDeviceProperties() [CVE-2013-1984 7/8]
      Avoid integer overflow in XListInputDevices() [CVE-2013-1984 8/8]
      sign extension issue in XListInputDevices() [CVE-2013-1995]

Peter Hutterer (7):
      Copy the sequence number into the target event too (#64687)
      Don't overwrite the cookies serial number
      Fix potential corruption in mask_len handling
      Change size += to size = in XGetDeviceControl
      If the XGetDeviceDontPropagateList reply has an invalid length, return 0
      Include limits.h to prevent build error: missing INT_MAX
      libXi 1.7.1.901

git tag: libXi-1.7.1.901

http://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.1.901.tar.bz2
MD5:  8a775d5368c9fb64aa484fb320b0c82d  libXi-1.7.1.901.tar.bz2
SHA1: 5e77d6ea94bb2efb83a6b9fe0093fea75e38f321  libXi-1.7.1.901.tar.bz2
SHA256: 5248b643fc0b76fff978eefc0acdeee278407983cf7b6e371242e1b53ba32f7c  libXi-1.7.1.901.tar.bz2

http://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.1.901.tar.gz
MD5:  ac83d7276b9d36c9ccd69b7020396e66  libXi-1.7.1.901.tar.gz
SHA1: 9991d3ac73f002f98e0eb416fb725028b9b74e35  libXi-1.7.1.901.tar.gz
SHA256: c5ac9548070545b71d650f37b5fc2fd122f38d4e280729fe30abece2de5b693c  libXi-1.7.1.901.tar.gz
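
The bug class named in the announcement (integer overflow when a client sizes a buffer from server-supplied reply fields), as an added example that is not part of the original message and is not libXi code. The reply_hdr struct, ITEM_SIZE and both function names are hypothetical; the sketch assumes a reply whose length field counts 4-byte words and whose nitems field counts fixed-size records.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ITEM_SIZE 8u /* assumed size of one record in the reply payload */

/* Hypothetical reply header; both fields are controlled by the server. */
typedef struct {
    uint32_t length; /* payload size in 4-byte words */
    uint32_t nitems; /* number of ITEM_SIZE records the server claims */
} reply_hdr;

/* Unchecked pattern: 32-bit multiply wraps, so a huge nitems yields a
 * tiny allocation size while later loops still iterate nitems times. */
static uint32_t naive_alloc_size(const reply_hdr *rep)
{
    return rep->nitems * ITEM_SIZE;
}

/* Checked pattern: returns 0 and stores the size, or -1 if the reply is
 * inconsistent. On -1 the caller discards the payload and allocates nothing. */
static int checked_alloc_size(const reply_hdr *rep, size_t *nbytes)
{
    uint32_t wire_bytes, need;

    if (rep->length >= (INT_MAX >> 2))      /* length << 2 would overflow */
        return -1;
    wire_bytes = rep->length << 2;

    if (rep->nitems > INT_MAX / ITEM_SIZE)  /* nitems * ITEM_SIZE would overflow */
        return -1;
    need = rep->nitems * ITEM_SIZE;

    if (need > wire_bytes)                  /* claims more than was sent */
        return -1;
    *nbytes = need;
    return 0;
}

int main(void)
{
    reply_hdr evil = { 2, 0x20000001u };    /* constructed sample input */
    size_t n = 0;
    printf("naive size: %u bytes for %u items\n",
           naive_alloc_size(&evil), evil.nitems);
    printf("checked: %d\n", checked_alloc_size(&evil, &n));
    return 0;
}
```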