[OE-core] FW: [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3

Sona Sarmadi sona.sarmadi at enea.com
Wed Jan 11 06:45:43 UTC 2017 

Hi Armin,

I hope it is ok to upgrade libXtst, please let me know if you want to keep the same version and apply the patch instead of upgrade.

 The upgrade have only following changes:

https://cgit.freedesktop.org/xorg/lib/libXtst/
Age	Commit message	Author	Files	Lines
2016-10-04	libXtst 1.2.3HEADlibXtst-1.2.3master	Matthieu Herrb	1	-1/+1
2016-09-25	Out of boundary access and endless loop in libXtst	Tobias Stoeckmann	1	-4/+39
2013-11-23	Remove fallback for _XEatDataWords, require libX11 1.6 for it	Michael Joost	2	-18/+1
2013-05-31	libXtst 1.2.2libXtst-1.2.2

This does not affect master. According to Mitre this affects libXtst before 1.2.3:

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.

Cheers
//Sona

> -----Original Message-----
> From: openembedded-core-bounces at lists.openembedded.org
> [mailto:openembedded-core-bounces at lists.openembedded.org] On
> Behalf Of Sona Sarmadi
> Sent: den 10 januari 2017 12:11
> To: openembedded-core at lists.openembedded.org
> Subject: [OE-core] [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
> 
> Upgrade libxtst from 1.2.2 to 1.2.3 to address:
> Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951
> 
> References:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
> https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af312
> 9ec4a7a4f4b54a0d59701beeae3
> 
> Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
> ---
>  meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4
> ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)  rename meta/recipes-
> graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)
> 
> diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> similarity index 78%
> rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> index 1b0bcf3..31ea439 100644
> --- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
> +++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
> @@ -16,5 +16,5 @@ PE = "1"
> 
>  XORG_PN = "libXtst"
> 
> -SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
> -SRC_URI[sha256sum] =
> "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c83
> 09f6d9"
> +SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
> +SRC_URI[sha256sum] =
> "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4b
> f5204"
> --
> 1.9.1
> 
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

More information about the Openembedded-core mailing list