search for: stoeckmann

X.Org security advisory: October 4, 2016 Protocol handling issues in X Window System client libraries ============================================================ Description Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. These issue come in addition to the ones discovered by Ilja van S...

Matthieu Herrb (1): libXfixes 5.0.3 Tobias Stoeckmann (1): Integer overflow on illegal server response git tag: libXfixes-5.0.3 https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.bz2 MD5: 07e01e046a0215574f36a3aacb148be0 libXfixes-5.0.3.tar.bz2 SHA1: ca86342d129c02435a9ee46e38fdf1a04d6b4b91 libXfixes-5.0.3.tar.bz2 SHA25...

Matthieu Herrb (1): libXi 1.7.7 Tobias Stoeckmann (1): Properly validate server responses. git tag: libXi-1.7.7 https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.bz2 MD5: cc0883a898222d50ff79af3f83595823 libXi-1.7.7.tar.bz2 SHA1: 37d150d7cc7061612643a3b8f458ff004edc6f2d libXi-1.7.7.tar.bz2 SHA256: 996f834fa57b9b33ba366...

Matthieu Herrb (1): libXrandr 1.5.1 Tobias Stoeckmann (1): Avoid out of boundary accesses on illegal responses walter harms (2): fix: doGetScreenResources() info: redundant null check on calling free() fix: redundant null check on calling free() git tag: libXrandr-1.5.1 https://xorg.freedesktop.org/archive/individual/lib/libXrandr...

Lauri Kasanen (1): Fix documentation to explicitly mention premultiplied alpha Matthieu Herrb (1): libXrender 0.9.10 Tobias Stoeckmann (2): Avoid OOB write in XRenderQueryFilters Validate lengths while parsing server data. git tag: libXrender-0.9.10 https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.bz2 MD5: 802179a76bded0b658f4e9ec5e1830a4 libXrender-0.9.10.tar.bz2 SHA1: d55106de9260c2377c19...

Matthieu Herrb (1): libXtst 1.2.3 Michael Joost (1): Remove fallback for _XEatDataWords, require libX11 1.6 for it Tobias Stoeckmann (1): Out of boundary access and endless loop in libXtst git tag: libXtst-1.2.3 https://xorg.freedesktop.org/archive/individual/lib/libXtst-1.2.3.tar.bz2 MD5: ef8c2c1d16a00bd95b9fdcef63b8a2ca libXtst-1.2.3.tar.bz2 SHA1: 27d004db631bee3a82155d3caf961d9584207d36 libXtst-1.2.3.tar.bz2 SHA256...

Alan Coopersmith (1): Fix typo in dependencies for lint library Matthieu Herrb (1): libXv 1.0.11 Tobias Stoeckmann (1): Protocol handling issues in libXv - CVE-2016-5407 git tag: libXv-1.0.11 https://xorg.freedesktop.org/archive/individual/lib/libXv-1.0.11.tar.bz2 MD5: 210b6ef30dda2256d54763136faa37b9 libXv-1.0.11.tar.bz2 SHA1: d79f9c56faedd682f420fa68bb9d7ff755b84579 libXv-1.0.11.tar.bz2 SHA256: d26...

Matthieu Herrb (1): libXvMC 1.0.10 Tobias Stoeckmann (1): Avoid buffer underflow on empty strings. git tag: libXvMC-1.0.10 https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.bz2 MD5: 4cbe1c1def7a5e1b0ed5fce8e512f4c6 libXvMC-1.0.10.tar.bz2 SHA1: 8c50ee4a43aff84d807da2122ec6b0d8e3ce4635 libXvMC-1.0.10.tar.bz2 SHA256: e501...

Lauri Kasanen (1): Fix documentation to explicitly mention premultiplied alpha Matthieu Herrb (1): libXrender 0.9.10 Tobias Stoeckmann (2): Avoid OOB write in XRenderQueryFilters Validate lengths while parsing server data. git tag: libXrender-0.9.10 https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.bz2 MD5: 802179a76bded0b658f4e9ec5e1830a4 libXrender-0.9.10.tar.bz2 SHA1: d55106de9260c2377c19...

Matthieu Herrb (1): libXi 1.7.7 Tobias Stoeckmann (1): Properly validate server responses. git tag: libXi-1.7.7 https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.bz2 MD5: cc0883a898222d50ff79af3f83595823 libXi-1.7.7.tar.bz2 SHA1: 37d150d7cc7061612643a3b8f458ff004edc6f2d libXi-1.7.7.tar.bz2 SHA256: 996f834fa57b9b33ba366...

Jörg Sonnenberger (1): Fix abs() usage. Matthieu Herrb (1): libXpm 3.5.12 Tobias Stoeckmann (4): Fix out out boundary read on unknown colors Gracefully handle EOF while parsing files. Avoid OOB write when handling malicious XPM files. Handle size_t in file/buffer length git tag: libXpm-3.5.12 https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.12.tar.b...

...Ing. Dieter Jurzitza (1):       glamor: Fix missing declaration in dash vertex shader Olivier Fourdan (2):       xwayland: clear cursor frame callback       xwayland: Monitor client states to destroy callbacks Qiang Yu (1):       present: disable page flip only when a slave crtc is active Tobias Stoeckmann (1):       render: Fix out of boundary heap access git tag: xorg-server-1.19.3 https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.19.3.tar.bz2 MD5:  015d2fc4b9f2bfe7a626edb63a62c65e  xorg-server-1.19.3.tar.bz2 SHA1: 77f580ffa22a8bbcc3536e74e19114e446417a9c  xorg-server-1.19.3.t...

...ger sign/size mismatch warnings Emil Velikov (1): autogen.sh: use quoted string variables Matthieu Herrb (1): libXcursor 1.1.15 Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1): autogen.sh: use exec instead of waiting for configure to finish Tobias Stoeckmann (1): Fix heap overflows when parsing malicious files. (CVE-2017-16612) shubham shrivastav (1): Insufficient memory for terminating null of string in _XcursorThemeInherits git tag: libXcursor-1.1.15 https://xorg.freedesktop.org/archive/individual/lib/libXcursor-1.1.15.tar.bz2 MD5: 58...

...Stone (3): c_client: Don't serialise non-wire fields c_client: Add support for lists of FDs Release libxcb 1.13 David McFarland (1): read from connection when polling special events and replies Thomas Klausner (1): Fix inconsistent use of tabs vs. space. Tobias Stoeckmann (1): Check strdup for NULL return value. git tag: libxcb-1.13 https://xorg.freedesktop.org/archive/individual/xcb/libxcb-1.13.tar.bz2 MD5: c2b6cf928afa16b0047c974e7aaa783f libxcb-1.13.tar.bz2 SHA1: 212ad5f1f80def80536d78e3d20354a0370e7fe9 libxcb-1.13.tar.bz2 SHA256: 188c8752193c50ff2dbe8...

...ettenis (1): startx: Don't use GNU expr extensions Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (3): startx: fix comment typo startx: don't init defaultdisplay to :0 autogen.sh: use exec instead of waiting for configure to finish Tobias Stoeckmann (1): xinit: check for correct fork error code git tag: xinit-1.4.0 https://xorg.freedesktop.org/archive/individual/app/xinit-1.4.0.tar.bz2 MD5: 2da154b2f80ca9637b1a17b13af0880c xinit-1.4.0.tar.bz2 SHA1: fcdca692b09a45f546016fff78718d1cf7e7852f xinit-1.4.0.tar.bz2 SHA256: 230835eef2f5978a...

...ov (1): autogen.sh: use quoted string variables Michael Joost (1): Remove fallback for _XEatDataWords, require libX11 1.6 for it Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1): autogen.sh: use exec instead of waiting for configure to finish Tobias Stoeckmann (1): libXinerama: Set number of screens to 0 on error git tag: libXinerama-1.1.4 https://xorg.freedesktop.org/archive/individual/lib/libXinerama-1.1.4.tar.bz2 MD5: 0d5f826a197dae74da67af4a9ef35885 libXinerama-1.1.4.tar.bz2 SHA1: 34a1d9908ffbd46805d2357c6b05f5e341a8dc7c libXinerama-1.1.4....

...ing changed. Matthieu Herrb (2): Remove statement with no effect. libX11 1.6.6 Michal Srb (1): Use flexible array member instead of fake size. Ryan C. Gordon (1): Valgrind fix for XStoreColor and XStoreColors. Samuel Thibault (1): XkbOpenDisplay.3: fix typo Tobias Stoeckmann (4): Validation of server response in XListHosts. Fixed off-by-one writes (CVE-2018-14599). Fixed out of boundary write (CVE-2018-14600). Fixed crash on invalid reply (CVE-2018-14598). walter harms (13): fix shadow warning _XIOError(dpy); will never return so re...

...h for getpid() Matthieu Herrb (3): Fix uuid_to_string(3) type Get rid of strcpy() in the HAVE_UUID_CREATE case libSM 1.2.3 Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1): autogen.sh: use exec instead of waiting for configure to finish Tobias Stoeckmann (1): Fixed out ouf boundary accesses. git tag: libSM-1.2.3 https://xorg.freedesktop.org/archive/individual/lib/libSM-1.2.3.tar.bz2 MD5: 87c7fad1c1813517979184c8ccd76628 libSM-1.2.3.tar.bz2 SHA1: 437d7b13fa2eba325df3a106f177df46ccec6546 libSM-1.2.3.tar.bz2 SHA256: 2d264499dcb05f56438dee12...

...Update configure.ac bug URL for gitlab migration xcursorgen 1.0.7 Emil Velikov (1): autogen.sh: use quoted string variables Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1): autogen.sh: use exec instead of waiting for configure to finish Tobias Stoeckmann (1): Fix null pointer dereference on very large images. git tag: xcursorgen-1.0.7 https://xorg.freedesktop.org/archive/individual/app/xcursorgen-1.0.7.tar.bz2 MD5: 25cc7ca1ce5dcbb61c2b471c55e686b5 xcursorgen-1.0.7.tar.bz2 SHA1: 109367eb23b0ad52cf5de15f50c02ebe872698ae xcursorgen-1.0.7.ta...

...set bsize when malloc failed Jeremy Huddleston Sequoia (1): Silence a benign static analysis warning with an assert of allocation size Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1): autogen.sh: use exec instead of waiting for configure to finish Tobias Stoeckmann (1): Avoid out of boundary read access walter harms (3): AuDispose.c:remove redundant null check on calling free() Au FileName.c: remove redundant null check on calling free() AuRead.c: remove redundant null check on calling free() git tag: libXau-1.0.9 https://xorg.freed...