On 01/10/2017 10:45 PM, Sona Sarmadi wrote:
Hi Armin,
I hope it is ok to upgrade libXtst, please let me know if you want to keep the
same version and apply the patch instead of upgrade.
this is reasonable request. once its in Morty, I will pull it into krogoth.
thanks for sending the request.
- armin
The upgrade have only following changes:
https://cgit.freedesktop.org/xorg/lib/libXtst/
Age Commit message Author Files Lines
2016-10-04 libXtst 1.2.3HEADlibXtst-1.2.3master Matthieu Herrb 1
-1/+1
2016-09-25 Out of boundary access and endless loop in libXtst Tobias
Stoeckmann 1 -4/+39
2013-11-23 Remove fallback for _XEatDataWords, require libX11 1.6 for it
Michael Joost 2 -18/+1
2013-05-31 libXtst 1.2.2libXtst-1.2.2
This does not affect master. According to Mitre this affects libXtst before
1.2.3:
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers
to trigger out-of-bounds memory access operations by leveraging the lack of
range checks.
Cheers
//Sona
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On
Behalf Of Sona Sarmadi
Sent: den 10 januari 2017 12:11
To: [email protected]
Subject: [OE-core] [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
Upgrade libxtst from 1.2.2 to 1.2.3 to address:
Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af312
9ec4a7a4f4b54a0d59701beeae3
Signed-off-by: Sona Sarmadi <[email protected]>
---
meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4
++--
1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-
graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)
diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
similarity index 78%
rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
index 1b0bcf3..31ea439 100644
--- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
+++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
@@ -16,5 +16,5 @@ PE = "1"
XORG_PN = "libXtst"
-SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
-SRC_URI[sha256sum] =
"ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c83
09f6d9"
+SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
+SRC_URI[sha256sum] =
"4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4b
f5204"
--
1.9.1
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
