New branch 'debian-wheezy' available with the following commits:
commit c81e603e72452e1ce6e552d3b233dc000aa7386a
Author: Julien Cristau <[email protected]>
Date: Tue May 14 10:15:00 2013 +0200
Upload to wheezy-security
commit c232971c7a1962cd7e0d46c38af6d237f568e69d
Author: Alan Coopersmith <[email protected]>
Date: Sat Apr 13 10:24:08 2013 -0700
integer overflow in XFixesGetCursorImage() [CVE-2013-1983]
If the reported cursor dimensions or name length are too large, the
calculations to allocate memory for them may overflow, leaving us
writing beyond the bounds of the allocation.
Reported-by: Ilja Van Sprundel <[email protected]>
Signed-off-by: Alan Coopersmith <[email protected]>
Signed-off-by: Julien Cristau <[email protected]>
commit 0ffaf2df79d9977d091f9b427baa8fb9bdc8ef42
Author: Alan Coopersmith <[email protected]>
Date: Sat Apr 13 10:20:59 2013 -0700
Use _XEatDataWords to avoid overflow of _XEatData calculations
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
Signed-off-by: Alan Coopersmith <[email protected]>
Signed-off-by: Julien Cristau <[email protected]>
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
