Publishing details
Changelog
xorg-server (2:1.16.4-1+deb8u2) jessie-security; urgency=high
* render: Fix out of boundary heap access
* Xext/shm: Validate shmseg resource id (CVE-2017-13721)
* xkb: Escape non-printable characters correctly.
* xkb: Handle xkb formated string output safely (CVE-2017-13723)
* os: Make sure big requests have sufficient length.
* Unvalidated lengths in
- XFree86-VidModeExtension (CVE-2017-12180)
- XFree86-DGA (CVE-2017-12181)
- XFree86-DRI (CVE-2017-12182)
- XFIXES (CVE-2017-12183)
- XINERAMA (CVE-2017-12184)
- MIT-SCREEN-SAVER (CVE-2017-12185)
- X-Resource (CVE-2017-12186)
- RENDER (CVE-2017-12187)
* Xi: Test exact size of XIBarrierReleasePointer
* Xi: integer overflow and unvalidated length in
(S)ProcXIBarrierReleasePointer (CVE-2017-12179)
* Xi: Silence some tautological warnings
* Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
* dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177)
* Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
* Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES (CVE-2017-2624)
* Xwayland: enable access control and default to just the local user (CVE-2015-3164)
-- Julien Cristau <email address hidden> Sat, 14 Oct 2017 12:35:36 +0200
Builds
Package files