debian/changelog | 6 ++++++ src/XvMC.c | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-)
New commits: commit 9434b7e61ddc32385033b99cc17a8f70f64fab94 Author: Julien Cristau <[email protected]> Date: Fri May 24 07:51:02 2013 +0200 Upload to wheezy-security diff --git a/debian/changelog b/debian/changelog index 3be8bb2..6cb788e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +libxvmc (2:1.0.7-1+deb7u2) wheezy-security; urgency=high + + * Fix regression in CVE-2013-1999 fix. Thanks to Dave Airlie and Al Viro. + + -- Julien Cristau <[email protected]> Fri, 24 May 2013 07:50:50 +0200 + libxvmc (2:1.0.7-1+deb7u1) wheezy-security; urgency=high * integer overflows calculating memory needs for replies [CVE-2013-1990] commit 748902f2ea5df723d238a0accdfd66cb77161725 Author: Dave Airlie <[email protected]> Date: Fri May 24 14:47:30 2013 +1000 Multiple unvalidated patches in CVE-2013-1999 Al Viro pointed out that Debian started segfaulting in Xine for him, Reported-by: Al Viro Signed-off-by: Dave Airlie <[email protected]> (cherry picked from commit 8c164524d229adb6141fdac8336b3823e7fe1a5d) diff --git a/src/XvMC.c b/src/XvMC.c index cb42487..74c8b85 100644 --- a/src/XvMC.c +++ b/src/XvMC.c @@ -585,15 +585,15 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port, if (*name && *busID && tmpBuf) { _XRead(dpy, tmpBuf, realSize); strncpy(*name,tmpBuf,rep.nameLen); - name[rep.nameLen - 1] = '\0'; + (*name)[rep.nameLen - 1] = '\0'; strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen); - busID[rep.busIDLen - 1] = '\0'; + (*busID)[rep.busIDLen - 1] = '\0'; XFree(tmpBuf); } else { XFree(*name); *name = NULL; XFree(*busID); - *name = NULL; + *busID = NULL; XFree(tmpBuf); _XEatDataWords(dpy, rep.length); -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
