debian/changelog | 6 ++++ debian/patches/24-CVE-2013-4396.diff | 44 +++++++++++++++++++++++++++++++++++ debian/patches/series | 1 3 files changed, 51 insertions(+)
New commits:
commit 4e7ebd354051c41a817ff7b23da3400936ce90e5
Author: Moritz Muehlenhoff <[email protected]>
Date: Tue Oct 22 00:13:44 2013 +0000

CVE-2013-4396

diff --git a/debian/changelog b/debian/changelog
index 0483e45..6efa612 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xorg-server (2:1.7.7-17) squeeze-security; urgency=low
+
+ * CVE-2013-4396
+
+ -- Moritz Muehlenhoff <[email protected]> Tue, 22 Oct 2013 00:13:44 +0000
+
 xorg-server (2:1.7.7-16) squeeze-security; urgency=high
 
 * xfree86: fix flush input to work with Linux evdev devices. Avoids
diff --git a/debian/patches/24-CVE-2013-4396.diff b/debian/patches/24-CVE-2013-4396.diff
new file mode 100644
index 0000000..cc709ea
--- /dev/null
+++ b/debian/patches/24-CVE-2013-4396.diff
@@ -0,0 +1,44 @@
+diff -aur xorg-server-1.7.7.orig/dix/dixfonts.c xorg-server-1.7.7/dix/dixfonts.c
+--- xorg-server-1.7.7.orig/dix/dixfonts.c 2010-05-04 02:47:57.000000000 +0200
++++ xorg-server-1.7.7/dix/dixfonts.c 2013-10-04 13:09:22.000000000 +0200
+@@ -1508,6 +1508,7 @@
+ GC *pGC;
+ unsigned char *data;
+ ITclosurePtr new_closure;
++ ITclosurePtr old_closure;
+
+ /* We're putting the client to sleep. We need to
+ save some state. Similar problem to that handled
+@@ -1520,6 +1521,7 @@
+ err = BadAlloc;
+ goto bail;
+ }
++ old_closure = c;
+ *new_closure = *c;
+ c = new_closure;
+
+@@ -1527,6 +1529,7 @@
+ if (!data)
+ {
+ xfree(c);
++ c = old_closure;
+ err = BadAlloc;
+ goto bail;
+ }
+@@ -1538,6 +1541,7 @@
+ {
+ xfree(c->data);
+ xfree(c);
++ c = old_closure;
+ err = BadAlloc;
+ goto bail;
+ }
+@@ -1551,6 +1555,7 @@
+ FreeScratchGC(pGC);
+ xfree(c->data);
+ xfree(c);
++ c = old_closure;
+ err = BadAlloc;
+ goto bail;
+ }
+Nur in xorg-server-1.7.7/dix: dixfonts.c~.
diff --git a/debian/patches/series b/debian/patches/series
index 4e3310f..833b3ce 100644
--- a/debian/patches/series
+++ b/debian/patches/series
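Review bot: The new patch file ends with `Nur in xorg-server-1.7.7/dix: dixfonts.c~.`, leftover `diff -aur` output about an editor backup file, and it has no header saying what the fix is or where it came from; the stray line should be dropped and a short description added above the `diff -aur` line. In the fix itself, `c = old_closure;` is repeated on three error paths after `xfree(c)` with nothing explaining why. A comment at the first of them, such as `/* c was just freed; point it back at the caller's closure, which the code after bail presumably still reads */`, would make it harder for a later error path to free `c` and omit the restore. The enclosing function and the `bail` label are outside the quoted hunks, so what happens to `c` after `goto bail` is inferred from the CVE context rather than visible here.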
@@ -22,3 +22,4 @@
 21-device-mode-list.diff
 22-stop-searching-for-xf86config-files
 23-xf86-fix-flush-input-to-work-with-Linux-evdev-device.diff
+24-CVE-2013-4396.diff
\ No newline at end of file
-- 
To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
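Review bot: The added `24-CVE-2013-4396.diff` entry is followed by `\ No newline at end of file`, so this commit leaves debian/patches/series without a trailing newline. The next entry appended to the file without first adding one would land on the same line as the security patch's name, so the file should end with a newline after `24-CVE-2013-4396.diff`.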

