[OE-core] FW: [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
Sona Sarmadi
sona.sarmadi at enea.com
Wed Jan 11 06:45:43 UTC 2017
Hi Armin,
I hope it is ok to upgrade libXtst, please let me know if you want to keep the same version and apply the patch instead of upgrade.
The upgrade have only following changes:
https://cgit.freedesktop.org/xorg/lib/libXtst/
Age Commit message Author Files Lines
2016-10-04 libXtst 1.2.3HEADlibXtst-1.2.3master Matthieu Herrb 1 -1/+1
2016-09-25 Out of boundary access and endless loop in libXtst Tobias Stoeckmann 1 -4/+39
2013-11-23 Remove fallback for _XEatDataWords, require libX11 1.6 for it Michael Joost 2 -18/+1
2013-05-31 libXtst 1.2.2libXtst-1.2.2
This does not affect master. According to Mitre this affects libXtst before 1.2.3:
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
Cheers
//Sona
> -----Original Message-----
> From: openembedded-core-bounces at lists.openembedded.org
> [mailto:openembedded-core-bounces at lists.openembedded.org] On
> Behalf Of Sona Sarmadi
> Sent: den 10 januari 2017 12:11
> To: openembedded-core at lists.openembedded.org
> Subject: [OE-core] [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
>
> Upgrade libxtst from 1.2.2 to 1.2.3 to address:
> Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951
>
> References:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
> https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af312
> 9ec4a7a4f4b54a0d59701beeae3
>
> Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
> ---
> meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4
> ++--
> 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-
> graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)
>
> diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> similarity index 78%
> rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> index 1b0bcf3..31ea439 100644
> --- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> +++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> @@ -16,5 +16,5 @@ PE = "1"
>
> XORG_PN = "libXtst"
>
> -SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
> -SRC_URI[sha256sum] =
> "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c83
> 09f6d9"
> +SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
> +SRC_URI[sha256sum] =
> "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4b
> f5204"
> --
> 1.9.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list