
CVE-2018-14599: [ANNOUNCE] libX11 1.6.6

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.


Matthieu Herrb matthieu at herrb.eu
Tue Aug 21 15:43:23 UTC 2018


Alan Coopersmith (6):

  • Make Xkb{Get,Set}NamedIndicator spec & manpages match code
  • Clarify state parameter to XkbSetNamedDeviceIndicator
  • Improve table formatting in XkbChangeControls & XkbKeyNumGroups man pages
  • If XGetImage fails to create image, don’t dereference it to bounds check
  • Use size_t for buffer sizes in SetHints.c
  • Change fall through comment in lcDB.c to match gcc’s requirements

Arthur Huillet (1):

  • _XDefaultError: set XlibDisplayIOError flag before calling exit

Bhavi Dhingra (1):

  • Fix possible memory leak in cmsProp.c:140

Martin Natano (1):

  • Don’t rebuild ks_tables.h if nothing changed.

Matthieu Herrb (2):

  • Remove statement with no effect.
  • libX11 1.6.6

Michal Srb (1):

  • Use flexible array member instead of fake size.

Ryan C. Gordon (1):

  • Valgrind fix for XStoreColor and XStoreColors.

Samuel Thibault (1):

  • XkbOpenDisplay.3: fix typo

Tobias Stoeckmann (4):

  • Validation of server response in XListHosts.
  • Fixed off-by-one writes (CVE-2018-14599).
  • Fixed out of boundary write (CVE-2018-14600).
  • Fixed crash on invalid reply (CVE-2018-14598).

walter harms (13):

  • fix shadow warning
  • _XIOError(dpy); will never return so remore dead
  • remove argument check for free() adjust one inden
  • fix shadow char_size
  • fix more shadow warning
  • no need to check argument for _XkbFree()
  • remove stray extern
  • no need to check args for Xfree()
  • fix memleak in error path
  • fix memleak in error path
  • no need to check XFree arguments
  • mark _XDefaultIOError as no_return
  • Fixes: warning: variable ‘req’ set but not,used

wharms (3):

  • add _X_UNUSED to avoid unused variable warnings
  • remove empty line
  • silence gcc warning assignment discards ‘const’ qualifier from pointer target type

git tag: libX11-1.6.6

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.6.tar.bz2

  • MD5: 6b0f83e851b3b469dd660f3a95ac3e42 libX11-1.6.6.tar.bz2
  • SHA1: b29cf4362b58188cb27fed2294788004af7428a9 libX11-1.6.6.tar.bz2
  • SHA256: 65fe181d40ec77f45417710c6a67431814ab252d21c2e85c75dd1ed568af414f libX11-1.6.6.tar.bz2
  • SHA512: 9866dc6b158b15a96efe140b6fa68a775889a37e5565a126216211fee63868e02629a9f9f41816d590ef150560f43b8864010a77a6318c9109e76aec1d21b4d7 libX11-1.6.6.tar.bz2
  • PGP: https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.6.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.6.tar.gz

  • MD5: 3fd4c6b9f2333dbc5d16824baa1cfb67 libX11-1.6.6.tar.gz
  • SHA1: 3542c1641be5670dd1e9a38ea5b22d4278c17d19 libX11-1.6.6.tar.gz
  • SHA256: c7fb5b1069d700737e02766aaf800d87e87d443af76657fff7a969edfcf49da0 libX11-1.6.6.tar.gz
  • SHA512: 5d8a83521f53f529f6e7e2edc8d6ab837b39cbe794cc83d2dd84871656e5fb6e2d363c89df7af945547415c7bc8c7f2e85097b7b405b7e4f679071d84a42fc8d libX11-1.6.6.tar.gz
  • PGP: https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.6.tar.gz.sig
