[OE-core] FW: [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3

akuster808 akuster808 at gmail.com
Wed Jan 18 22:34:42 UTC 2017 


On 01/10/2017 10:45 PM, Sona Sarmadi wrote:
> Hi Armin,
>
> I hope it is ok to upgrade libXtst, please let me know if you want to keep the same version and apply the patch instead of upgrade.
this is reasonable request. once its in Morty, I will pull it into krogoth.
thanks for sending the request.

- armin
>
>   The upgrade have only following changes:
>
> https://cgit.freedesktop.org/xorg/lib/libXtst/
> Age	Commit message	Author	Files	Lines
> 2016-10-04	libXtst 1.2.3HEADlibXtst-1.2.3master	Matthieu Herrb	1	-1/+1
> 2016-09-25	Out of boundary access and endless loop in libXtst	Tobias Stoeckmann	1	-4/+39
> 2013-11-23	Remove fallback for _XEatDataWords, require libX11 1.6 for it	Michael Joost	2	-18/+1
> 2013-05-31	libXtst 1.2.2libXtst-1.2.2
>
> This does not affect master. According to Mitre this affects libXtst before 1.2.3:
>
> Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
>
> Cheers
> //Sona
>
>> -----Original Message-----
>> From: openembedded-core-bounces at lists.openembedded.org
>> [mailto:openembedded-core-bounces at lists.openembedded.org] On
>> Behalf Of Sona Sarmadi
>> Sent: den 10 januari 2017 12:11
>> To: openembedded-core at lists.openembedded.org
>> Subject: [OE-core] [PATCH][krogoth] libxtst: 1.2.2 -> 1.2.3
>>
>> Upgrade libxtst from 1.2.2 to 1.2.3 to address:
>> Out of Bounds Write Denial of Service Vulnerability, CVE-2016-7951
>>
>> References:
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
>> https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af312
>> 9ec4a7a4f4b54a0d59701beeae3
>>
>> Signed-off-by: Sona Sarmadi <sona.sarmadi at enea.com>
>> ---
>>   meta/recipes-graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} | 4
>> ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)  rename meta/recipes-
>> graphics/xorg-lib/{libxtst_1.2.2.bb => libxtst_1.2.3.bb} (78%)
>>
>> diff --git a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
>> b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
>> similarity index 78%
>> rename from meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
>> rename to meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
>> index 1b0bcf3..31ea439 100644
>> --- a/meta/recipes-graphics/xorg-lib/libxtst_1.2.2.bb
>> +++ b/meta/recipes-graphics/xorg-lib/libxtst_1.2.3.bb
>> @@ -16,5 +16,5 @@ PE = "1"
>>
>>   XORG_PN = "libXtst"
>>
>> -SRC_URI[md5sum] = "25c6b366ac3dc7a12c5d79816ce96a59"
>> -SRC_URI[sha256sum] =
>> "ef0a7ffd577e5f1a25b1663b375679529663a1880151beaa73e9186c83
>> 09f6d9"
>> +SRC_URI[md5sum] = "ef8c2c1d16a00bd95b9fdcef63b8a2ca"
>> +SRC_URI[sha256sum] =
>> "4655498a1b8e844e3d6f21f3b2c4e2b571effb5fd83199d428a6ba7ea4b
>> f5204"
>> --
>> 1.9.1
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core

More information about the Openembedded-core mailing list