xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.2) xenial; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution in endianness
    conversion of X Events
    - debian/patches/CVE-2017-10971-1.patch: do not try to swap
      GenericEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-2.patch: verify all events in
      ProcXSendExtensionEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
      SendEvent request in dix/events.c, dix/swapreq.c.
    - CVE-2017-10971
  * SECURITY UPDATE: information leak in XEvent handling
    - debian/patches/CVE-2017-10972.patch: zero target buffer in
      SProcXSendExtensionEvent in Xi/sendexev.c.
    - CVE-2017-10972

Date: Tue, 25 Jul 2017 09:04:30 -0400
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Maintainer: Ubuntu X-SWAT <ubunt...@lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xorg-server-hwe-16.04/2:1.19.3-1ubuntu1~16.04.2
Format: 1.8
Date: Tue, 25 Jul 2017 09:04:30 -0400
Source: xorg-server-hwe-16.04
Binary: xserver-xorg-core-hwe-16.04 xserver-xorg-dev-hwe-16.04 
xserver-xephyr-hwe-16.04 xserver-xorg-core-hwe-16.04-dbg xmir-hwe-16.04 
xorg-server-source-hwe-16.04 xwayland-hwe-16.04 xserver-xorg-legacy-hwe-16.04
Architecture: source
Version: 2:1.19.3-1ubuntu1~16.04.2
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu X-SWAT <ubunt...@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Description:
 xmir-hwe-16.04 - Xmir X server
 xorg-server-source-hwe-16.04 - Xorg X server - source files
 xserver-xephyr-hwe-16.04 - nested X server
 xserver-xorg-core-hwe-16.04 - Xorg X server - core server
 xserver-xorg-core-hwe-16.04-dbg - Xorg - the X.Org X server (debugging symbols)
 xserver-xorg-dev-hwe-16.04 - Xorg X server - development files
 xserver-xorg-legacy-hwe-16.04 - setuid root Xorg server wrapper
 xwayland-hwe-16.04 - Xwayland X server
Changes:
 xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.2) xenial; urgency=medium
 .
   * SECURITY UPDATE: DoS and possible code execution in endianness
     conversion of X Events
     - debian/patches/CVE-2017-10971-1.patch: do not try to swap
       GenericEvent in Xi/sendexev.c.
     - debian/patches/CVE-2017-10971-2.patch: verify all events in
       ProcXSendExtensionEvent in Xi/sendexev.c.
     - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
       SendEvent request in dix/events.c, dix/swapreq.c.
     - CVE-2017-10971
   * SECURITY UPDATE: information leak in XEvent handling
     - debian/patches/CVE-2017-10972.patch: zero target buffer in
       SProcXSendExtensionEvent in Xi/sendexev.c.
     - CVE-2017-10972
Checksums-Sha1:
 167dc8589334196821b42eb9b311d3230db32832 5076 
xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.dsc
 f6bf540609f6867505bf0c1b38b67e5ded3429cd 259480 
xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.diff.gz
Checksums-Sha256:
 d638886dc7cd075be92367f97d0d09771c34dfb84f8a58467e689b0a7982f7ba 5076 
xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.dsc
 a04c9f854935dc4489a0b05da3a3a971b86869bdd99c196f22bfee9cbf1b9041 259480 
xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.diff.gz
Files:
 e7c8a8831f929af8d77fa062eda92afb 5076 x11 optional 
xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.dsc
 4914c30e3a0faa9cac9ccaf3566d269c 259480 x11 optional 
xorg-server-hwe-16.04_1.19.3-1ubuntu1~16.04.2.diff.gz
Original-Maintainer: Debian X Strike Force <debia...@lists.debian.org>
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

Reply via email to