Hi Armin, I hope it is ok to upgrade libXtst, please let me know if you want to keep the same version and apply the patch instead of upgrade.
The upgrade have only following changes: https://cgit.freedesktop.org/xorg/lib/libXtst/ Age Commit message Author Files Lines 2016-10-04 libXtst 1.2.3HEADlibXtst-1.2.3master Matthieu Herrb 1 -1/+1 2016-09-25 Out of boundary access and endless loop in libXtst Tobias Stoeckmann 1 -4/+39 2013-11-23 Remove fallback for _XEatDataWords, require libX11 1.6 for it Michael Joost 2 -18/+1 2013-05-31 libXtst 1.2.2libXtst-1.2.2 This does not affect master. According to Mitre this affects libXtst before 1.2.3: Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. Cheers //Sona > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On > Behalf Of Sona Sarmadi > Sent: den 10 januari 2017 12:11 > To: [email protected] > Subject: [OE-core] [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3 > > Upgrade libxtst from 1.2.2 to 1.2.3 to address: > Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951 > > References: > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951 > https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af312 > 9ec4a7a4f4b54a0d59701beeae3 > > Signed-off-by: Sona Sarmadi <[email protected]> > --- > meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4 > ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes- > graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%) > > diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb > b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb > similarity index 78% > rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb > rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb > index 1b0bcf3..31ea439 100644 > --- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb > +++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb > @@ -16,5 +16,5 @@ PE = "1" > > XORG_PN = "libXtst" > > -SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59" > -SRC_URI[sha256sum] = > "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c83 > 09f6d9" > +SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca" > +SRC_URI[sha256sum] = > "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4b > f5204" > -- > 1.9.1 > > -- > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
