Opened 6 years ago

Closed 6 years ago

#9881 closed enhancement (fixed)


Reported by: bdubbs@… Owned by: ken@…
Priority: high Milestone: 8.2
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version.

Change History (3)

comment:1 by Douglas R. Reno, 6 years ago

Priority: normalhigh

comment:2 by ken@…, 6 years ago

Owner: changed from blfs-book@… to ken@…
Status: newassigned

One regression fix since 1.19.4 (mea culpa), and fixes for CVEs 2017- 12176 through 2017-12187. C is a terrible language, please stop writing code in it.

Adam Jackson (2):

Revert "xf86-video-modesetting: Add ms_queue_vblank helper [v3]" xserver 1.19.5

Michal Srb (1):

os: Make sure big requests have sufficient length.

Nathan Kidd (7):

Unvalidated lengths xfixes: unvalidated lengths (CVE-2017-12183) hw/xfree86: unvalidated lengths Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178) dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177) Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)

The CVEs are still currently marked as 'Reserved'.

comment:3 by ken@…, 6 years ago

Resolution: fixed
Status: assignedclosed

Fixed in r19323.

Note: See TracTickets for help on using tickets.